IA.3.083 Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.

CMMC Practice IA.3.083: Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.

Links to Publicly Available Resources

CMMC CLARIFICATION (Ref CMMC – Appendix B)

Implement a combination of two or more factors of authentication to verify privileged account holders’ identity regardless of how the user is accessing the account. Implement a combination of two or more factors for non-privileged users requiring network access. These factors include:

  • something you know (e.g., password/PIN);
  • something you have (e.g., token); and
  • something you are (e.g., biometrics).