This shows you the differences between two versions of the page.
wiki:policies:dualauth [2021/11/24 16:58] katcow created |
wiki:policies:dualauth [2023/04/13 15:02] katcow |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Multi-Factor Authentication ====== | ====== Multi-Factor Authentication ====== | ||
- | |||
===== I. Purpose ===== | ===== I. Purpose ===== | ||
- | This policy outlines our plan for authenticating | + | |
+ | This policy outlines our planning related to the implementation of advanced authentication of users who connect to Nested Knowledge | ||
===== II. Scope ===== | ===== II. Scope ===== | ||
- | **Who is affected: ** This policy affects all employees of this Nested Knowledge and its subsidiaries, | ||
- | |||
- | **Affected Systems: ** Server or VPN. | ||
+ | **Who is affected: ** This policy affects all employees, contractors, | ||
===== III. Policy ===== | ===== III. Policy ===== | ||
- | Should Nested Knowledge establish a network, access to the network through remote access will be managed by a Virtual Private Network (VPN). The VPN will request for username and password, and it will require | + | |
+ | Nested Knowledge will implement multi-factor authentication (MFA) on an ad-hoc basis. We will evaluate the risk and sensitivity or personal and organizational data, such as personal employee data, user data, intellectual property, and financial information, | ||
+ | |||
+ | ==== Communication ==== | ||
+ | |||
+ | When a change in the scope or the nature of information handled by Nested Knowledge occurs, our technical and operational leads will alert the CTO that multi-factor authentication may be warranted. If client information is handled, a representative from the client organization will be included in discussions on MFA. After discussion and evaluation of security risks, the CTO will decide whether or not to implement multi-factor authentication. | ||
+ | |||
+ | === Multi-Factor Authentication for Remote Access === | ||
+ | |||
+ | Nested Knowledge has no internal network for employees, therefore multi-factor authentication for remote access is not applicable. | ||
+ | |||
+ | === Multi-Factor Authentication for Financial Information === | ||
+ | |||
+ | At present, Nested Knowledge stores financial information via a cloud-based accounting software. Our security measures for protecting such data are determined by the software. At present, | ||
+ | |||
+ | === Authentication with Client Data === | ||
+ | |||
+ | In cases where a client grants Nested Knowledge access to data with the explicit requirement of multi-factor or other authentication in order to access the data, we will adhere to the level of authentication required by the client. Where clients upload data to the Nested Knowledge platform or to any cloud managed by Nested Knowledge without explicit requirement, | ||
+ | |||
+ | === Cloud Based Applications === | ||
+ | |||
+ | Our most sensitive systems, such as our cloud resources on AWS do require | ||
+ | |||
+ | ===== Revision History ===== | ||
+ | |||
+ | ^Author^Date of Revision/ | ||
+ | |K. Cowie|11/ | ||
+ | |K. Holub|11/ | ||
+ | |K. Kallmes|11/ | ||
+ | |||
+ | [[: |
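Review bot: In the added text under III. Policy, `==== Communication ====` is followed by four `=== ... ===` headings (Remote Access, Financial Information, Client Data, Cloud Based Applications). In DokuWiki fewer equals signs mean a deeper heading level, so those four sections render as children of Communication rather than as siblings under III. Policy. Suggest giving them the same `====` level as Communication, or moving Communication after them. In the first added Policy paragraph, "the risk and sensitivity or personal and organizational data" looks like a typo for "sensitivity of personal and organizational data".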