IA-10-727 Adaptive Identification and Authentication

Adaptive Identification and Authentication

IA-10-727
Adaptive Identification and Authentication
Identification and Authentication
NOT SELECTED
P0
No
February 13, 2018

Agency-owned information resources that are accessible from external sources shall employ adaptive authentication whenever possible. At a minimum, all information resources shall employ two-factor authentication from untrusted sources. Additional adaptive controls such as location, client, or user-based risk determination shall be included when supported by the information resource.

Adversaries may compromise individual authentication mechanisms and subsequently attempt to impersonate legitimate users.
The organization requires that individuals accessing the information system employ [Assignment: organization-defined supplemental authentication techniques or mechanisms] under specific [Assignment: organization-defined circumstances or situations].
NA
No statewide control