Secure Req 8

From IDESG Wiki
Revision as of 20:35, 10 August 2015 by Paul Knight (Talk) (Supplemental Guidance added from Requirements Package Committe Approved 08062015.doc)

This article is under construction and should not be considered complete.
Last modified by Paul Knight

SECURE-8. MULTIFACTOR AUTHENTICATION

Entities that authenticate a USER MUST offer authentication mechanisms which augment or are alternatives to a password.

Supplemental Guidance

Entities MUST offer users an authentication mechanism other than single-factor authentication based on a password as a shared secret. Examples include (but are not limited to): “something-you-have” (e.g., computing device, USB token, mobile phone, key fob, etc.) or “something-you-are” (e.g., biometric), or a combination of these. The additional or alternative mechanism(s) MUST ensure the binding and integration necessary for use as an authentication mechanism. See Requirement #9 and its Supplemental Guidance for more information about choosing risk-appropriate authentication mechanisms.

References

NIST SP 800-63

APPLIES TO CORE OPERATIONS

AUTHENTICATION


