YALE-MSS-9.6: Require Multifactor Authentication (MFA) for access to authenticated systems

Standards Group:
YALE-MSS-9: Authentication and Authorization

YALE-MSS-9.6: Require Multifactor Authentication (MFA) for access to authenticated systems

Low Risk Endpoint Required for IA Moderate Risk Endpoint Required for IA High Risk Endpoint Required for IA Low Risk Server Upcoming Required for IA Moderate Risk Server Upcoming Required for IA High Risk Server Upcoming Required for IA Low Risk Mobile Device Not Required Moderate Risk Mobile Device Not Required High Risk Mobile Device Not Required Low Risk Network Printer Required for IA Moderate Risk Network Printer Required for IA High Risk Network Printer Required for IA

Details

This control applies to user access that requires authentication across a network.

Web applications should use Yale's approved single sign on (SSO) methods that provide MFA -- CAS, Shibboleth, Azure AD.

SSH with public key authentication meets the requirement.

SSH with DUO MFA meets the requirement.

SSH with certificates meets the requirement.