6.3: Require MFA for Externally-Exposed Applications

CSF v1.1 References:

Threats Addressed:


Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: 16.3: Require Multi-Factor Authentication.

Control Statement

Require all externally-exposed enterprise or third-party applications to enforce MFA, where supported. Enforcing MFA through a directory service or SSO provider is a satisfactory implementation of this Safeguard.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]