{"id":1189,"date":"2024-07-17T16:57:37","date_gmt":"2024-07-17T16:57:37","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1189"},"modified":"2024-10-03T21:48:46","modified_gmt":"2024-10-03T21:48:46","slug":"ia-21-identification-and-authentication-organizational-users-multifactor-authentication-to-privileged-accounts","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/identification-and-authentication-ia\/ia-21-identification-and-authentication-organizational-users-multifactor-authentication-to-privileged-accounts\/","title":{"rendered":"IA-2(1): Identification and Authentication (Organizational Users) &#8211; Multifactor Authentication to Privileged Accounts"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">IA-2(1): Identification and Authentication (Organizational Users) &#8211; Multifactor Authentication to Privileged Accounts<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>11\/18\/2024&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>TAMUS Required By:<\/strong> &nbsp;09\/13\/2021&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>07\/10\/2024&nbsp;<\/h2>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>As specified in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/identification-and-authentication-ia\/ia-2-identification-and-authentication-organizational-users\/\" data-type=\"page\" data-id=\"1187\">Control IA-2, Identification and Authentication (Organizational Users)<\/a><strong>, <\/strong>Multifactor authentication (MFA) should be implemented based on documented risk management decisions for access to privileged or non-privileged accounts where one of the factors is provided by an asset separate from the information being accessed.&nbsp;<\/li>\n<\/ol>\n\n\n\n<ol start=\"2\" class=\"wp-block-list\">\n<li>MFA is required for any information resource that stores or processes confidential data, as required by <a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Texas A&amp;M University System (TAMUS) Regulation 29.01.03, Information Security<\/a>, or critical data.\u00a0<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\">References\/Additional Resources<\/h3>\n\n\n\n<p><a href=\"https:\/\/policies.tamus.edu\/29-01-03.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">TAMUS Regulation 29.01.03, Information Security<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>IA-2(1): Identification and Authentication (Organizational Users) &#8211; Multifactor Authentication to Privileged Accounts NIST Baseline: &nbsp;Low&nbsp; DIR Required By: &nbsp;11\/18\/2024&nbsp; TAMUS Required By: &nbsp;09\/13\/2021&nbsp; Review Date: &nbsp;07\/10\/2024&nbsp; References\/Additional Resources TAMUS Regulation &#8230;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1399,"menu_order":3,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1189","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 17, 2024","modified":"Updated on October 3, 2024"},"absolute_dates_time":{"created":"Posted on July 17, 2024 4:57 pm","modified":"Updated on October 3, 2024 9:48 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1189"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1189\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1399"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}