CMMC 1.0 Practice IA.3.083 Requirement:

Use multi-factor authentication for local and network access to privileged accounts and for network access to nonprivileged accounts.

CMMC 1.0 IA.3.083 Requirement Explanation:

Traditional authentication uses a single factor, typically a password. Multifactor authentication requires that a second factor also be used. Examples include a PIN from a mobile device or a biometric fingerprint. Multifactor authentication significantly reduces the likelihood of an attacker being able to gain access to your accounts. You need to protect accounts accessed over the network with multifactor authentication. Network access means access to a system by a user communicating through a network (e.g., local area network, wide area network, internet). You need to protect privileged local accounts with MFA. Local access means access to a system by a user communicating through a direct connection without the use of a network. An example is the local admin account on a laptop.

Example CMMC 1.0 IA.3.083 Implementation:

Implement multi-factor authentication (MFA) in your environment. If you use Active Directory, sync it with your MFA solution. Any logons occurring over a network need to be protected with MFA. Below are a few common examples:

- If users are logging into their workstations using their Active Directory account, then set up MFA on the workstation.
- If employees use a local non-privileged account to log into their laptop, then MFA is not required to protect the account; however, using MFA is always advised.
- If you have local admin accounts on your systems, protect them with MFA.
- Protect all accounts used to access cloud services (e.g., Office 365) with MFA.
- Require MFA for remote VPN connections.
- Set up MFA for SSH connections.

CMMC 1.0 IA.3.083 Scenario(s):

- Scenario 1:

You use Active Directory to manage user accounts for your systems. As a result, most access to your systems occurs over the network. To protect these accounts, you use multifactor authentication.

- Scenario 2:

You have a small company with 10 employees. All employees log into their workstations using their local unprivileged user accounts. Because the accounts are accessed locally and are unprivileged, you have not protected them with MFA. The employees' workstations do have a local admin account used by your system administrator. Each of the local admin accounts is protected by MFA because they are privileged accounts.
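The scoping rule from the requirement and the two scenarios can be checked mechanically. The following Python audit is an added example, not part of the original page: it runs over a constructed account inventory and flags access paths where MFA is required but not enforced. The `AccessPath` fields, account names and path labels are hypothetical.

```python
from dataclasses import dataclass

NETWORK, LOCAL = "network", "local"

@dataclass(frozen=True)
class AccessPath:
    account: str        # hypothetical account name
    privileged: bool    # True for admin-level accounts
    access: str         # NETWORK or LOCAL, as defined in the explanation
    via: str            # hypothetical label for how the account is reached
    mfa_enforced: bool  # whether MFA is enforced on this path today

def mfa_required(path):
    """IA.3.083: privileged accounts always; nonprivileged only over a network."""
    if path.access not in (NETWORK, LOCAL):
        raise ValueError(f"unknown access type: {path.access!r}")
    return path.privileged or path.access == NETWORK

def find_gaps(inventory):
    """Return (account, via) for each path that requires MFA but lacks it."""
    return [(p.account, p.via) for p in inventory
            if mfa_required(p) and not p.mfa_enforced]

def advisory(inventory):
    """Return paths outside the requirement that have no MFA (still advised)."""
    return [(p.account, p.via) for p in inventory
            if not mfa_required(p) and not p.mfa_enforced]

# Constructed sample inventory mixing both scenarios; one account can have
# several access paths, and each path is evaluated on its own.
INVENTORY = [
    AccessPath("alice", False, NETWORK, "AD workstation logon", True),
    AccessPath("alice", False, NETWORK, "VPN", False),
    AccessPath("alice", False, NETWORK, "Office 365", True),
    AccessPath("bob", False, LOCAL, "laptop console", False),
    AccessPath("localadmin", True, LOCAL, "laptop console", False),
    AccessPath("svc-admin", True, NETWORK, "SSH", True),
]

if __name__ == "__main__":
    for account, via in find_gaps(INVENTORY):
        print(f"GAP: {account} via {via} requires MFA but none is enforced")
    for account, via in advisory(INVENTORY):
        print(f"advisory: {account} via {via} is exempt, MFA still advised")
```

Evaluating each access path separately matters because one account can be covered on one path (workstation logon) and exposed on another (VPN).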
 
