To assure accountability, prevent unauthenticated access, and prevent misuse of the system, privileged users must use multifactor authentication for local access.
Multifactor authentication is defined as: using two or more factors to achieve authentication.
Factors include:
(i) Something a user knows (e.g., password/PIN);
(ii) Something a user has (e.g., cryptographic identification device, token); or
(iii) Something a user is (e.g., biometric).
A non-privileged account is defined as an information system account with authorizations of a regular or non-privileged user.
Local access is defined as access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network.
Applications integrating with the DoD Active Directory and using the DoD CAC are examples of compliant multifactor authentication solutions. |