This shows you the differences between two versions of the page.
wiki:policies:dualauth [2021/11/24 19:38] katcow |
wiki:policies:dualauth [2023/10/06 21:53] katcow |
||
---|---|---|---|
Line 2: | Line 2: | ||
===== I. Purpose ===== | ===== I. Purpose ===== | ||
- | This policy outlines our plan for implementing | + | |
+ | This policy outlines our planning related to the implementation of advanced authentication of users who connect to Nested Knowledge information systems. We are committed to protecting the security, privacy, and integrity of Nested Knowledge information systems. | ||
===== II. Scope ===== | ===== II. Scope ===== | ||
- | **Who is affected: ** This policy affects all employees, contractors, | ||
- | **Affected Systems: ** Server or VPN. | ||
+ | **Who is affected: ** This policy affects all employees, contractors, | ||
===== III. Policy ===== | ===== III. Policy ===== | ||
- | Nested Knowledge will implement | + | Nested Knowledge will require |
==== Communication ==== | ==== Communication ==== | ||
- | When a change in the scope or the nature of information handled by Nested Knowledge occurs, our technical and operational leads will alert the CTO that multi-factor authentication may be warranted. If client information is handled, a representative from the client organization will be included in discussions on MFA. After discussion and evaluation of security risks, the CTO will decide whether or not to implement multi-factor authentication. | ||
- | === Multi-Factor Authentication for Remote Access=== | + | When a change in the scope or the nature of information handled by Nested Knowledge occurs, our technical and operational leads will alert the CTO that multi-factor authentication may be warranted. If client information is handled, a representative from the client organization will be included in discussions on MFA. After discussion and evaluation of security risks, the CTO will decide whether or not to implement multi-factor authentication. |
+ | |||
+ | === Multi-Factor Authentication for Remote Access === | ||
Nested Knowledge has no internal network for employees, therefore multi-factor authentication for remote access is not applicable. Should Nested Knowledge establish a network, access to the network through remote access will be managed by a Virtual Private Network (VPN). The VPN will request for username and password, and may involve MFA. | Nested Knowledge has no internal network for employees, therefore multi-factor authentication for remote access is not applicable. Should Nested Knowledge establish a network, access to the network through remote access will be managed by a Virtual Private Network (VPN). The VPN will request for username and password, and may involve MFA. | ||
=== Multi-Factor Authentication for Financial Information === | === Multi-Factor Authentication for Financial Information === | ||
+ | |||
At present, Nested Knowledge stores financial information via a cloud-based accounting software. Our security measures for protecting such data are determined by the software. At present, it requires MFA of all users. The accounting application is a VeriSign SecuredTM product, which is the leading secure sockets layer (SSL) Certificate Authority. It uses firewall protected servers and the encryption technology (128 bit SSL). | At present, Nested Knowledge stores financial information via a cloud-based accounting software. Our security measures for protecting such data are determined by the software. At present, it requires MFA of all users. The accounting application is a VeriSign SecuredTM product, which is the leading secure sockets layer (SSL) Certificate Authority. It uses firewall protected servers and the encryption technology (128 bit SSL). | ||
- | === Authentication with Client Data === | + | === Authentication with Client Data === |
- | In cases where Nested Knowledge | + | |
+ | In cases where a client grants | ||
+ | |||
+ | === Cloud Based Applications === | ||
+ | |||
+ | Our most sensitive systems, such as our cloud resources on AWS do require MFA–we use virtual MFA device authentication (specifically, | ||
===== Revision History ===== | ===== Revision History ===== | ||
^Author^Date of Revision/ | ^Author^Date of Revision/ | ||
+ | |K. Cowie|10/ | ||
|K. Cowie|11/ | |K. Cowie|11/ | ||
- | |K. Holub|| | | + | |K. Holub|11/24/2021| | |
- | |K. Kallmes||| | + | |K. Kallmes|11/26/2021|Draft approved| |
+ | |||
+ | [[: | ||
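Review bot: Section III changes "will implement" to "will require", but the Communication paragraph kept on the new side still leaves it to the CTO to "decide whether or not to implement multi-factor authentication", and the unchanged Remote Access text says the VPN "may involve MFA". Reconcile these so the policy states in one place which systems always require MFA and which are decided case by case. The revision also drops "**Affected Systems: ** Server or VPN." from Scope while adding a Cloud Based Applications section, so Scope should name the cloud systems that are now covered. The untouched Financial Information paragraph still cites "128 bit SSL"; SSL has been superseded by TLS, so that description is worth refreshing in the same revision.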