Using Multi-Factor Authentication to Solve Compliance Requirements on NonStop
What is Multi-Factor Authentication?
Multi-factor authentication (MFA) is a security measure that requires two or more methods of authentication, from independent categories of credentials, to verify a user’s identity for a login or other transaction.
In other words, multi-factor authentication verifies that the person attempting to perform a transaction is who they say they are, by requiring two or more pieces of evidence (factors) to an authentication request.
These factors can be categorized into the following:
- Knowledge – Something only the user knows, e.g. password
- Possession – Something only the user has, e.g. token
- Inherence – Something only the user is, e.g. fingerprint/biometrics
The authentication mechanisms used for MFA should be independent of one another such that access to one factor does not grant access to any other factor, and the compromise of any one factor does not affect the integrity or confidentiality of any other factor.
What does PCI say about Multi-Factor Authentication?
One of the key changes to PCI DSS is an update to requirement 8.3, which now calls for organizations to strengthen their access security with MFA instead of the previously stated two-factor authentication. With this change in terminology, two forms of authentication are now the minimum requirement.
As detailed in PCI DSS requirement 3.2, any individuals with non-console administrative access to the Cardholder Data Environment (CDE) must authenticate using MFA. “Non-console administrative access” means that the system is accessed over a network, as opposed to the system’s local screen and keyboard. This applies regardless of whether the individual is an employee or third-party IT support personnel.
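The factor categories and the non-console rule described above can be checked mechanically against login records. The following is an added example, not code from CSP or from the original article. The record fields, the method names and their mapping to categories are assumptions, and the records are constructed.

```python
# Added example: audit constructed login records against the MFA rule above.
# Method names, their category mapping and the record fields are assumptions.
from dataclasses import dataclass

FACTOR_CATEGORY = {
    "password": "knowledge",
    "pin": "knowledge",
    "securid_token": "possession",
    "sms_code": "possession",
    "fingerprint": "inherence",
}

@dataclass
class Login:
    user: str
    admin: bool        # administrative access
    via_network: bool  # True = non-console, False = local screen and keyboard
    in_cde: bool       # target system is in the cardholder data environment
    methods: tuple     # authentication methods that succeeded

def categories(methods):
    """Distinct factor categories presented; unknown methods count for nothing."""
    return {FACTOR_CATEGORY[m] for m in methods if m in FACTOR_CATEGORY}

def mfa_required(rec):
    """MFA applies to non-console administrative access to the CDE."""
    return rec.admin and rec.via_network and rec.in_cde

def violations(records):
    """Users whose login needed MFA but showed fewer than two categories."""
    return [rec.user for rec in records
            if mfa_required(rec) and len(categories(rec.methods)) < 2]

# Constructed sample records
SAMPLE = [
    Login("alice", True, True, True, ("password", "securid_token")),
    Login("bob", True, True, True, ("password", "pin")),              # two knowledge factors
    Login("carol", True, True, True, ("securid_token", "sms_code")),  # two possession factors
    Login("dave", True, False, True, ("password",)),                  # console access
    Login("vendor1", True, True, True, ("password",)),                # third party, one factor
    Login("erin", True, True, True, ("fingerprint", "unknown_method")),
]

if __name__ == "__main__":
    for user in violations(SAMPLE):
        print("MFA violation:", user)
```

Two methods from the same category, such as a password plus a PIN, count as a single factor, which is why bob and carol are flagged even though each presented two credentials.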
A New Solution for MFA – CSP Authenticator+
Multi-factor authentication has become vital in ensuring secure access to systems. The new CSP Authenticator+ provides a REST interface to support multi-factor logins to NonStop systems. Methods supported include RSA SecurID, Email, Text Message and Google Authenticator. Many new methods are planned for the future.
CSP Authenticator+ can provide authentication services via Safeguard Authentication SEEP, Pathway servers or Non-Pathway servers.
Key features include:
- Support for multiple authentication factors, including SecurID (RSA) tokens
- Standardized authentication across platforms
- Configurable for all or selected users
- Certified for the latest RSA release
- Support for virtual addressing
Introducing Protect-X® 4.0
Protect-X® user interface
- Multi-factor authentication support
- Guardian file permissions management
- Guardian user and alias hardening & compliance
- OSS file security management & hardening
- Enhanced file access reports
Protect-X® allows you to easily ensure compliance, assess risk and manage security of your hybrid platforms.
For more information on CSP solutions visit www.cspsecurity.com
For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com
We Built the Wiki for NonStop Security ®
The CSP Team
+1(905) 568 – 8900