Require MFA for remote network access.
Users should log in to systems containing important information using multiple authentication factors, also known as “two-factor”, “multi-factor” or “dual-factor” authentication.
For example, when a user first logs in with a password, a one-time authentication code can also be sent to the user as a text message. In this case, the user has been identified by two factors (knowing the password and owning the phone).
Biometric identifiers (e.g. fingerprint) and other devices can also be used for two-stage authentication. However, it is worth considering the costs and implications for privacy.
MFA is used for administrative access from public networks or through remote management solutions, ensuring strong authentication that uses at least two factors.
MFA is required for accessing important data systems, for example by combining a password with a one-time authentication code sent via text message. These measures secure remote network access by verifying user identity with multiple factors, thereby enhancing security for sensitive systems and data.
The organization shall ensure that the monitoring and management of remote connections is automated, that remote connections are encrypted to ensure their integrity and reliability, and that remote connections pass only through approved and managed Network Access Control (NAC).
The organization must also make it possible for remote connections to be closed within a specified time.