πΌ IA-2(1) Multi-factor Authentication to Privileged Accounts (L)(M)(H)
- Contextual name: πΌ IA-2(1) Multi-factor Authentication to Privileged Accounts (L)(M)(H)
- ID:
/frameworks/fedramp-high-security-controls/ia/02/01 - Located in: πΌ IA-2 Identification and Authentication (Organizational Users) (L)(M)(H)
Descriptionβ
Implement multi-factor authentication for access to privileged accounts.
IA-2 (1) Additional FedRAMP Requirements and Guidance:
Guidance: Multi-factor authentication to subsequent components in the same user domain is not required.
Requirement: According to SP 800-63-3, SP 800-63A (IAL), SP 800-63B (AAL), and SP 800-63C (FAL).
Requirement: Multi-factor authentication must be phishing-resistant.
Similarβ
- Sections
/frameworks/nist-sp-800-53-r5/ia/02/01
- Internal
- ID:
dec-c-b969b124
- ID:
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ IA-2(1) Identification and Authentication (organizational Users) _ Multi-factor Authentication to Privileged Accounts | 2 |
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP Low Security Controls β πΌ IA-2(1) Multi-factor Authentication to Privileged Accounts (L)(M)(H) | 2 | |||
| ���πΌ FedRAMP Moderate Security Controls β πΌ IA-2(1) Multi-factor Authentication to Privileged Accounts (L)(M)(H) | 2 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (2)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Root User Hardware MFA is not enabled. π’ | π’ x3 | |
| π AWS IAM User MFA is not enabled for all users with console password π’ | 1 | π’ x6 |