💼 IA-2(6) Access to Accounts — Separate Device (M)(H)
- ID: /frameworks/fedramp-high-security-controls/ia/02/06
- Located in: 💼 IA-2 Identification and Authentication (Organizational Users) (L)(M)(H)
Description
Implement multi-factor authentication for [FedRAMP Assignment: local, network and remote] access to [FedRAMP Assignment: privileged accounts; non-privileged accounts] such that:
(a) One of the factors is provided by a device separate from the system gaining access; and
(b) The device meets [FedRAMP Assignment: FIPS-validated or NSA-approved cryptography].
IA-2(6) Additional FedRAMP Requirements and Guidance:
Guidance: PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials.
Guidance: See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography.
Similar
- Sections: /frameworks/nist-sp-800-53-r5/ia/02/06
- Internal
  - ID: dec-c-3e8bd6ae
- ID:
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 NIST SP 800-53 Revision 5 → 💼 IA-2(6) Identification and Authentication (Organizational Users) _ Access to Accounts — Separate Device | 2 |
Similar Sections (Give Policies To)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 FedRAMP Moderate Security Controls → 💼 IA-2(6) Access to Accounts — Separate Device (M)(H) | 2 |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
Policies (2)
Policy | Logic Count | Flags |
---|---|---|
📝 AWS Account Root User Hardware MFA is not enabled. 🟢 | 🟢 x3 | |
📝 AWS IAM User MFA is not enabled for all users with console password 🟢 | 1 | 🟢 x6 |