Reply To: Multifactor Authentication – Meeting IA-2 Controls

I believe that your assumption is correct. But, your explanation that this is internal comms within the IS makes me second guess myself. Not sure you would classify internal comms within the IS as “network access” since these controls relate to access to the IS, not within.