6.5: Require MFA for Administrative Access
CSF v1.1 References:
Threats Addressed:
Previous Version:
- Critical Security Controls Version 7.1:
- 4.5: Use Multi-Factor Authentication for All Administrative Access
Control Statement
Require MFA for all administrative access accounts, where supported, on all enterprise assets, whether managed on-site or through a third-party provider.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]