Multifactor authentication (MFA) to an information system, as described by the DoD, uses two or more methods of authentication involving something you know (e.g., a password); something you have (e.g., a One-Time Password (OTP) generating device like a fob, a smart card, or a mobile app on a smartphone); and something you are (e.g., a biometric like a fingerprint or iris). The traditional authentication method uses a single factor, typically a password, while multifactor authentication requires that a second factor also be used, such as a PIN sent via text message (something you have: the cell phone) or a fingerprint (something you are). (Source)
- This webinar discusses practices for making secure, modern authentication fast and easy.
- This video is a quick introduction to the problems faced with common MFA systems.
- This blog details security improvements that can be used to combat password spraying.
- This article highlights MFA and the necessity of implementing it for all privileged account access and for users who access network resources.
- Learn what to look for when assessing and comparing two-factor authentication solutions.
- Duo's wide variety of authentication methods makes it easy for every user to securely and quickly log in.
- Secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution.
- This SANS whitepaper discusses the theory behind user-based two-factor (or multifactor) authentication systems, also known as “2FA”.
- This SANS whitepaper focuses on enterprise solutions for two-factor authentication.
- More on two-factor authentication and its ineffectiveness as a defense against identity theft.
- This example policy from the State of Alabama provides a starting point for system maintenance.
- This whitepaper is directed at IT, security, and compliance workers who are responsible for recommending or evaluating security products, or for running and managing two-factor authentication infrastructure.
- Gemalto's identity and access management (IAM) solutions allow organizations to meet the evolving needs around cloud applications and mobile devices.
- CMMC Level 1 Assessment Guide
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.
- CMMC Level 2 Assessment Guide
This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2.
- NIST – Multi-Factor Authentication and SP 800-63 Digital Identity Guidelines
This slide presentation identifies Multi-factor Authentication background information and NIST directives.
- NIST SP 800-171A Assessing Security Requirements for Controlled Unclassified Information
The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.
- NIST SP 800-53: IA-2 Identification and Authentication (Organization Users)
The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).
- NIST SP 800-63 Digital Identity Guidelines
This NIST Special Publication covers identity proofing and authentication of users interacting with government IT systems over open networks.
- NIST SP 800-63 Digital Identity Guidelines Frequently Asked Questions
This list covers NIST FAQs for Special Publication (SP) 800-63, Digital Identity Guidelines, and provides additional clarification to stakeholders.