CMMC 1.0 Practice IA.3.083 Requirement:
Use multi-factor authentication for local and network access to privileged accounts and for network access to nonprivileged accounts.
CMMC 1.0 IA.3.083 Requirement Explanation:
The traditional authentication uses a single factor, typically a password. Multifactor authentication requires that a second factor also be used. Examples includes a PIN from a mobile or bio metric fingerprint. Multifactor authentication significantly reduces the likely hood of an attacker being able to gain access to your accounts. You need to protect accounts accessed over the network with Multifactor authentication. Network Access means access to a system by a user communicating through a network (e.g., local area network, wide area network, internet). You need to protect privileged local accounts with MFA. Local access means access to a system by a use communicating through a direct connection without the use of a network. An example is the local admin account on laptop.
Example CMMC 1.0 IA.3.083 Implementation:
Implement a multi-factor authentication in your environment. If you use active directory sync it with your Multi-factor authentication (MFA) solution. Any logons occurring over a network need to be protected with MFA. Below are a few common examples: If users are logging into their workstations using their active directory account then setup MFA on the workstation. If employees use a local non-privileged account to log into their laptop then MFA is not required to protect the account however using MFA is always advised. If you have local admin accounts on your systems protect them with MFA. Protect all accounts used to access cloud services (e.g., Office 365) with MFA. Require MFA for remote VPN connections. Setup MFA for SSH connections.
CMMC 1.0 IA.3.083 Scenario(s):
- Scenario 1:
You use active directory to manage user accounts for your systems. As a result, most access to your systems occurs over the network. To protect these accounts you use multifactor authentication.
- Scenario 2:
You have a small company with 10 employees. All employees log into their workstations using their local unprivileged user accounts. Because the accounts are accessed locally and are unprivileged you have not protected them with MFA. The employees workstations do have a local admin account used by your system administrator. Each of the local admin accounts is protected by MFA because they are privileged accounts.
Discover Our Cybersecurity Complaince Solutions:
NIST SP 800-171 & CMMC Compliance
Whether you need to meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements, help your clients meet them, or verify sub-contractor compliance we have the expertise and solution for you.
Whether you need to meet and maintain your HIPAA compliance requirements or help your clients meet them we have the expertise and solution for you.