The intent of multi-factor authentication (MFA) is to provide a higher degree of assurance of the identity of the
individual attempting to access a resource, such as physical location, computing device, network or a database.
MFA creates a multi-layered mechanism that an unauthorised user would have to defeat in order to gain access.
This document describes the industry-accepted principles and best practices associated with multi-factor
authentication. The guidance in this document is intended for any organisation evaluating, implementing, or
upgrading an MFA solution, as well as providers of MFA solutions.
PCI DSS requires MFA to be implemented as defined in Requirement 8.3 and its sub-requirements. Guidance on the intent of these requirements is provided in the Guidance column of the standard, which includes: “Multi-factor authentication requires an individual to present a minimum of two separate forms of authentication (as described in Requirement 8.2), before access is granted.” The additional guidance in this document does not extend the PCI DSS requirement beyond what is stated in the standard.
While PCI DSS Requirement 8.3 does not currently require organisations to validate their MFA implementation to all the principles described in this guidance document, these principles may be incorporated in a future revision of the standard. Organisations are therefore strongly encouraged to evaluate all new and current MFA implementations for conformance to these principles.
