Using Multi-Factor Authentication to Solve Compliance Requirements on NonStop

June 2, 2023

What is Multi-Factor Authentication?

Multi-factor authentication (MFA) is a security measure that requires two or more methods of authentication, from independent categories of credentials, to verify a user’s identity for a login or other transaction.

In other words, multi-factor authentication verifies that the person attempting to perform a transaction is who they say they are, by requiring two or more pieces of evidence (factors) for an authentication request.

These factors can be categorized into the following:

  • Knowledge – Something only the user knows, e.g. password
  • Possession – Something only the user has, e.g. token
  • Inherence – Something only the user is, e.g. fingerprint/biometrics

The authentication mechanisms used for MFA should be independent of one another such that access to one factor does not grant access to any other factor, and the compromise of any one factor does not affect the integrity or confidentiality of any other factor.

What does PCI say about Multi-Factor Authentication?

One of the key changes to PCI DSS is an update to requirement 8.3, which now calls for organizations to strengthen their access security with MFA instead of the previously stated two-factor authentication. With this change in the terminology of requirement 8.3, two forms of authentication are now the minimum requirement.

As detailed in PCI DSS requirement 3.2, any individuals with non-console administrative access to the Cardholder Data Environment (CDE) must authenticate using MFA. “Non-console administrative access” means that the system is accessed over a network, as opposed to the system’s local screen and keyboard. This applies regardless of whether the individual is an employee or third-party IT support personnel.

For more information on CSP solutions visit www.cspsecurity.com

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security ®

Regards,

The CSP Team              

+1(905) 568 – 8900