Navigate

IA-2 (6)

IA-2 (6): Network Access To Privileged Accounts - Separate Device

The information system implements multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access and the device meets [Assignment: organization-defined strength of mechanism requirements].

Supplemental

None

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3, Privacy (High), Privacy (Mod)

Related Controls

The controls below (if any) were marked by NIST as being related to IA-2 (6).

Control	Description
AC-6	The organization employs the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) which are necessary to accomplish assigned tasks in accordance with organizational missions and business functions.

Enhancements

The controls below (if any) add on to the requirements of IA-2 (6).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IA-2 (6).

CCI	Definition
CCI-001935	The organization defines the strength of mechanism requirements for the device that is separate from the system gaining access to privileged accounts.
CCI-001936	The information system implements multifactor authentication for network access to privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
CCI-001937	The device used in the information system implementation of multifactor authentication for network access to privileged accounts meets organization-defined strength of mechanism requirements.