IA-2(3) states the following –
The information system implements multifactor authentication for network access to non-privileged accounts. (3) IDENTIFICATION AND AUTHENTICATION | LOCAL ACCESS TO PRIVILEGED ACCOUNTS
With this in mind I assume the control makes no distinction between Local Area Access (local network access from within the same IS system) or network access coming in from external networks. Is the assumption correct that you would apply the same measure of Multifactor Authentication to either scenario?
You must be logged in to reply to this topic.