Secure Req 8

From IDESG Wiki
Jump to navigation Jump to search

<< Back to Baseline Functional Requirements Index

SECURE-8. MULTIFACTOR AUTHENTICATION

Entities that authenticate a USER MUST offer authentication mechanisms which augment or are alternatives to a password.

SUPPLEMENTAL GUIDANCE

Entities must offer users an authentication mechanism other than single-factor authentication based on a password as a shared secret. Examples include (but are not limited to): “something-you-have” (e.g., computing device, USB token, mobile phone, key fob, etc.) or “something-you-are” (e.g., biometric), or a combination of these. The additional or alternative mechanism(s) must ensure the binding and integration necessary for use as an authentication mechanism. See SECURE-9 (AUTHENTICATION RISK ASSESSMENT) and its Supplemental Guidance for more information about choosing risk appropriate authentication mechanisms.

REFERENCES

NIST SP 800-63-2

APPLIES TO ACTIVITIES

AUTHENTICATION

KEYWORDS

AUTHENTICATION, MULTIFACTOR, SECURITY, TOKEN



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |