Navigate

IA-2(7)

IA-2(7): Network Access to Non-privileged Accounts - Separate Device

The information system implements multifactor authentication for network access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access and the device meets [organization-defined strength of mechanism requirements].

Supplemental

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to IA-2(7).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of IA-2(7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to IA-2(7).

CCI	Definition
CCI-001938	The organization defines the strength of mechanism requirements for the device that is separate from the system gaining access to non-privileged accounts.
CCI-001939	The information system implements multifactor authentication for network access to non-privileged accounts such that one of the factors is provided by a device separate from the system gaining access.
CCI-001940	The device used in the information system implementation of multifactor authentication for network access to non-privileged accounts meets organization-defined strength of mechanism requirements.