CMMC Practice IA.3.083: Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Implement a combination of two or more factors of authentication to verify privileged account holders’ identity regardless of how the user is accessing the account. Implement a combination of two or more factors for non-privileged users requiring network access. These factors include:
- something you know (e.g., password/PIN);
- something you have (e.g., token); and
- something you are (e.g., biometrics).