IA-2(7): Network Access To Non-Privileged Accounts – Separate Device

Control Family:

Identification And Authentication

Parent Control:

IA-2: Identification And Authentication (Organizational Users)

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-1
PR.AC-6
PR.AC-7

Threats Addressed:

Spoofing

Baselines:

(Not part of any baseline)

Control is withdrawn in the next version of this control set and incorporated into: IA-2(6): Access to Accounts – Separate Device.

Control Statement

The information system implements multifactor authentication for network access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access and the device meets [Assignment: organization-defined strength of mechanism requirements].