IA-2(1): Identification and Authentication (Organizational Users) – Multifactor Authentication to Privileged Accounts
NIST Baseline: Low
DIR Required By: 11/18/2024
TAMUS Required By: 09/13/2021
Review Date: 07/10/2024
- As specified in Control IA-2, Identification and Authentication (Organizational Users), Multifactor authentication (MFA) should be implemented based on documented risk management decisions for access to privileged or non-privileged accounts where one of the factors is provided by an asset separate from the information being accessed.
- MFA is required for any information resource that stores or processes confidential data, as required by Texas A&M University System (TAMUS) Regulation 29.01.03, Information Security, or critical data.