CMMC Practice MA.L2-3.7.5

Require multifactor authentication to establish non-local maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

Bold Coast Security Guidance

There is no way to overstate the importance of employing multifactor authentication for all remote access connections. With the prevalence of easy-to-crack passwords, the sophistication of password cracking tools, which include aggregated password data from hundreds of breach events so that "password spraying" is usually successful at compromising user credentials, it is critical to require another user challenge after the username and password are entered. That challenge can be an SMS text message, a code-generator app, a phone call requiring a PIN code be entered, or a code-generating token. The higher the risk of the authentication, the more control should be employed. Remote access connections present high inherent risk due to the fact that remote resources are accessible beyond the physical network you control.
Security Catapult

Be prepared for CMMC

Our Q&A assessment tool is designed by security advisors for MSPs and DoD contractors of all sizes.

Try now for free

Understand your gaps
Security Catapult

Understand your gaps

See compliance gaps, compliance scores and proactive security tasks in a single interface.

Try now for free

Validate NIST SP 800-171
Security Catapult

Validate NIST SP 800-171

Based on your CMMC answers, we let you know where you stand on NIST.

Try now for free

Build a plan of action
Security Catapult

Build a plan of action

Track your burn down and stay on top of security needs.

Try now for free

Build your policy
Security Catapult

Build your policy

Say goodbye to maintaining a security policy. We do it for you.

Try now for free

Discussion From Source

DRAFT NIST SP 800-171 R2 Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through an external network. The authentication techniques employed in the establishment of these non-local maintenance and diagnostic sessions reflect the network access requirements in IA.3.083.

References