[et_pb_section fb_built=”1″ _builder_version=”3.22″][et_pb_row _builder_version=”3.25″ background_size=”initial” background_position=”top_left” background_repeat=”repeat”][et_pb_column type=”4_4″ _builder_version=”3.0.47″ custom_padding=”|||” custom_padding__hover=”|||”][et_pb_text _builder_version=”4.9.2″ vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ hover_enabled=”0″ z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px” sticky_enabled=”0″]<\/p>\n
[\/et_pb_text][et_pb_text _builder_version=”4.4.3″ vertical_offset_tablet=”0″ horizontal_offset_tablet=”0″ custom_margin=”||||false|false” custom_padding=”20px|20px|20px|20px|false|false” z_index_tablet=”0″ text_text_shadow_horizontal_length_tablet=”0px” text_text_shadow_vertical_length_tablet=”0px” text_text_shadow_blur_strength_tablet=”1px” link_text_shadow_horizontal_length_tablet=”0px” link_text_shadow_vertical_length_tablet=”0px” link_text_shadow_blur_strength_tablet=”1px” ul_text_shadow_horizontal_length_tablet=”0px” ul_text_shadow_vertical_length_tablet=”0px” ul_text_shadow_blur_strength_tablet=”1px” ol_text_shadow_horizontal_length_tablet=”0px” ol_text_shadow_vertical_length_tablet=”0px” ol_text_shadow_blur_strength_tablet=”1px” quote_text_shadow_horizontal_length_tablet=”0px” quote_text_shadow_vertical_length_tablet=”0px” quote_text_shadow_blur_strength_tablet=”1px” header_text_shadow_horizontal_length_tablet=”0px” header_text_shadow_vertical_length_tablet=”0px” header_text_shadow_blur_strength_tablet=”1px” header_2_text_shadow_horizontal_length_tablet=”0px” header_2_text_shadow_vertical_length_tablet=”0px” header_2_text_shadow_blur_strength_tablet=”1px” header_3_text_shadow_horizontal_length_tablet=”0px” header_3_text_shadow_vertical_length_tablet=”0px” header_3_text_shadow_blur_strength_tablet=”1px” header_4_text_shadow_horizontal_length_tablet=”0px” header_4_text_shadow_vertical_length_tablet=”0px” header_4_text_shadow_blur_strength_tablet=”1px” header_5_text_shadow_horizontal_length_tablet=”0px” header_5_text_shadow_vertical_length_tablet=”0px” header_5_text_shadow_blur_strength_tablet=”1px” header_6_text_shadow_horizontal_length_tablet=”0px” header_6_text_shadow_vertical_length_tablet=”0px” header_6_text_shadow_blur_strength_tablet=”1px” border_width_all=”1px” border_color_all=”#bcbcbc” box_shadow_style=”preset1″ box_shadow_horizontal_tablet=”0px” box_shadow_vertical_tablet=”0px” box_shadow_blur_tablet=”40px” box_shadow_spread_tablet=”0px”]<\/p>\n
\nLinks to Publicly Available Resources<\/p>\n
This video consists of a panel of cybersecurity experts discussing advanced MFA bypass techniques and examining how their clients have enhanced their cybersecurity posture to respond.<\/p><\/li>\n Webinar presented by Thales and Verasec on challenges and best practices for deploying and managing FIDO (phishing-resistant MFA).<\/p><\/li>\n This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1.<\/p><\/li>\n CISA's guide for getting started with MFA in your business and personal life.<\/p><\/li>\n This article highlights MFA and the necessity to implement to all privileged account access and users who access network resources.<\/p><\/li>\n This guide aims to aid existing and new Duo customers in securing their MFA rollout at their respective organizations.<\/p><\/li>\n Learn what to look for when assessing and comparing two-factor authentication solutions.<\/p><\/li>\n Duo's wide variety of authentication methods make it easy for every user to securely and quickly log in.<\/p><\/li>\n This example procedure from the EPA describes how the agency is to implement security control requirements for the NIST SP 800-53 Identification and Authentication (IA) control family.<\/p><\/li>\n Gartner's user authentication product reviews and ratings<\/p><\/li>\n Guide to enable Multi-factor autheitication for Active Directory Federation Services (AD FS) in Windows Server. Also provide guides for use of common Third-party authentication methods (i.e., Duo, Akamai, RSA, etc.,)<\/p><\/li>\n This guide is intended to provide small and medium-sized organizations with guidance for using Microsoft 365 (M365) to satisfy the Cybersecurity Maturity Model Certification (CMMC) Level 1 requirements.<\/p><\/li>\n Guide for enforcing MFA for Microsoft 365<\/p><\/li>\n Microsoft Entra ID meets identity-related practice requirements in each Cybersecurity Maturity Model Certification (CMMC) level. To be compliant with requirements in CMMC, it's the responsibility of companies performing work with, and on behalf of, the US Dept. of Defense (DoD) to complete other configurations or processes. In CMMC Level 1, there are three domains that have one or more practices related to identity: Access Control (AC), Identification and Authentication (IA), and System and Information integrity (SI)<\/p><\/li>\n Focused on securing Controlled Unclassified Information, this work highlights how Virtual Desktop Infrastructure (VDI) reduces endpoint risk and aligns with CMMC requirements across the defense industrial base.<\/p><\/li>\n This NIST Special Publication covers identity proofing and authentication of users interacting with government IT systems over open networks.<\/p><\/li>\n This NIST Special Publication provides technical requirements for federal agencies implementing digital identity services.<\/p><\/li>\n This blog post describes why multifactor authentication (MFA) is important for remote access.<\/p><\/li>\n This cheat sheet from OWASP provides general authentication guidelines.<\/p><\/li>\n The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application.<\/p><\/li>\n OpenOTP is a phishing-resistant MFA solution.<\/p><\/li>\n Secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution.<\/p><\/li>\n This SANS guideline provides best practices for creating secure passwords.<\/p><\/li>\n This is a sample password protection policy from SANS.<\/p><\/li>\n This SANS whitepaper generalizes several authentication methods and authentication protocols.<\/p><\/li>\n This SANS whitepaper looks at the use of biometrics technology to determine how secure it might be in authenticating users.<\/p><\/li>\n This SANS whitepaper discusses implementing an additional security layer for wired networks.<\/p><\/li>\n This SANS whitepaper focuses on enterprise solutions for two-factor authentication.<\/p><\/li>\n More on Two-Factor Authentication and it's ineffectivenss defense against identity theft.<\/p><\/li>\n This example policy from the State of Georgia provides a starting point for system maintenance.<\/p><\/li>\n This whitepaper is directed at IT, Security, and Compliance workers who are responsible for recommending or evaluating security products; or running and managing two-factor authentication infrastructure.<\/p><\/li>\n Gemalto's identity and access management (IAM) solutions allow organizations to meet the evolving needs around cloud applications and mobile devices.<\/p><\/li>\n This YouTube video discusses identification and authentication issues in the context of computer security.<\/p><\/li>\n In this edition of the On Call Compliance Solutions Compliance Tip of the Week, we focus on individual authenticators including passwords, key cards, cryptographic devices, and one-time password devices. Let\u2019s talk about NIST 800-171 Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.<\/p><\/li>\n Yubikey is a phishing-resistant MFA that stops modern cyber-attacks.<\/p><\/li>\n\t<\/ul>\n<\/div>\n\n