Using Multi-Factor Authentication to Solve Compliance Requirements on NonStop

August 2, 2018

What is Multi-Factor Authentication?

Multi-factor authentication (MFA) is a security measure that requires two or more methods of authentication, from independent categories of credentials, to verify a user’s identity for a login or other transaction.

In other words, multi-factor authentication verifies that the person attempting to perform a transaction is who they say they are, by requiring two or more pieces of evidence (factors) for an authentication request.

These factors can be categorized into the following:

  • Knowledge – Something only the user knows, e.g. password
  • Possession – Something only the user has, e.g. token
  • Inherence – Something only the user is, e.g. fingerprint/biometrics

The authentication mechanisms used for MFA should be independent of one another such that access to one factor does not grant access to any other factor, and the compromise of any one factor does not affect the integrity or confidentiality of any other factor.

What does PCI say about Multi-Factor Authentication?

One of the key changes to PCI DSS is an update to requirement 8.3, which now calls for organizations to strengthen their access security with MFA instead of the previously stated two-factor authentication. With the changed terminology of requirement 8.3, two forms of authentication are now the minimum requirement.

As detailed in PCI DSS requirement 3.2, any individuals with non-console administrative access to the Cardholder Data Environment (CDE) must authenticate using MFA. “Non-console administrative access” means that the system is accessed over a network, as opposed to the system’s local screen and keyboard. This applies regardless of whether the individual is an employee or third-party IT support personnel.

A New Solution for MFA – CSP Authenticator+

Multi-factor authentication has become vital in ensuring secure access to systems. The new CSP Authenticator+ provides a REST interface to support multi-factor logins to NonStop systems. Methods supported include RSA SecurID, Email, Text Message and Google Authenticate. Many new methods are planned for the future.

CSP Authenticator+ can provide authentication services via Safeguard Authentication SEEP, Pathway servers or Non-Pathway servers.

Key features include:

  • Support for multiple authentication factors, including SecurID (RSA) tokens
  • Standardized authentication across platforms
  • Configurable for all or selected users
  • Certified for the latest RSA release
  • Support for virtual addressing

Introducing Protect-X® 4.0

Protect-X® user interface

Protect-X® is a browser-based, automated security compliance solution built using the latest JavaScript technologies. It supports HPE NonStop/X, Virtual NonStop and Linux platforms. Wholly developed by CSP, Protect-X® is built using an agentless design, so there is nothing to install on your NonStop servers. All security is managed off-platform, via very fast and strongly encrypted connections. Our latest release, Protect-X® 4.0, includes:

  • Multi-factor authentication support
  • Guardian file permissions management
  • Guardian user and alias hardening & compliance
  • OSS file security management & hardening
  • Enhanced file access reports

Protect-X® allows you to easily ensure compliance, assess risk and manage security of your hybrid platforms.

For more information on CSP solutions visit www.cspsecurity.com

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security knowledge and best practices, please visit wiki.cspsecurity.com

We Built the Wiki for NonStop Security ®

Regards,

The CSP Team

+1(905) 568 – 8900