Nested Knowledge

Bringing Systematic Review to Life


wiki:policies:dualauth

Differences

This shows you the differences between two versions of the page.

wiki:policies:dualauth [2021/11/26 20:57]
kevinkallmes
wiki:policies:dualauth [2023/10/06 21:53] (current)
katcow
Line 3: Line 3:
 ===== I. Purpose ===== ===== I. Purpose =====
  
-This policy outlines our planing related to the implementation of advanced authentication of users who connect to Nested Knowledge information systems. We are committed to protecting the security, privacy, and integrity of Nested Knowledge information systems.+This policy outlines our planning related to the implementation of advanced authentication of users who connect to Nested Knowledge information systems. We are committed to protecting the security, privacy, and integrity of Nested Knowledge information systems.
  
 ===== II. Scope ===== ===== II. Scope =====
Line 10: Line 10:
 ===== III. Policy ===== ===== III. Policy =====
  
-Nested Knowledge will implement multi-factor authentication (MFA) on an ad-hoc basis. We will evaluate the risk and sensitivity or personal and organizational data, such as personal employee data, user data, intellectual property, and financial information, on an ongoing basis. Evaluation will be based on our data classification system.+Nested Knowledge will require multi-factor authentication (MFA) on all internal systems by default. Nested Knowledge will make exceptions on an ad-hoc basis. We will evaluate the risk and sensitivity or personal and organizational data, such as personal employee data, user data, intellectual property, and financial information, on an ongoing basis. Evaluation will be based on our data classification system.
  
 ==== Communication ==== ==== Communication ====
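Review bot: In the added policy sentence, "Nested Knowledge will make exceptions on an ad-hoc basis" leaves exceptions to the new MFA-by-default rule without a named approver, a record of the exception, or a review date; suggest stating who may grant an exception, where it is documented, and when it is revisited. The carried-over phrase "risk and sensitivity or personal and organizational data" still reads as a typo for "sensitivity of" and could be corrected in the same revision.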
Line 26: Line 26:
 === Authentication with Client Data === === Authentication with Client Data ===
  
-In cases where a clien grants Nested Knowledge access to data with the explicit requirement of multi-factor or other authentication in order to be granted access to client data, we will adhere to the level of authentication required by the client. Where clients upload data to the Nested Knowledge platform or to any cloud managed by Nested Knowledge without explicit requirement, we will adhere to the level of authentication outlined in this policy.+In cases where a client grants Nested Knowledge access to data with the explicit requirement of multi-factor or other authentication in order to access the data, we will adhere to the level of authentication required by the client. Where clients upload data to the Nested Knowledge platform or to any cloud managed by Nested Knowledge without explicit requirement, we will adhere to the level of authentication outlined in this policy
 + 
 +=== Cloud Based Applications === 
 + 
 +Our most sensitive systems, such as our cloud resources on AWS do require MFA–we use virtual MFA device authentication (specifically, the Google Authenticator app.
  
 ===== Revision History ===== ===== Revision History =====
  
 ^Author^Date of Revision/Review^Comments| ^Author^Date of Revision/Review^Comments|
 +|K. Cowie|10/06/2023|Updated|
 |K. Cowie|11/24/2021|In progress.| |K. Cowie|11/24/2021|In progress.|
 |K. Holub|11/24/2021| | |K. Holub|11/24/2021| |
 |K. Kallmes|11/26/2021|Draft approved| |K. Kallmes|11/26/2021|Draft approved|
 +
 +[[:wiki:policies|Return to Policies]]
  
  
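Review bot: In the new "Cloud Based Applications" paragraph, the parenthesis opened at "(specifically, the Google Authenticator app." is never closed, and "do require MFA" describes current practice rather than stating a requirement the way the "will" sentences elsewhere in the policy do; suggest closing the parenthesis, adding the comma after "AWS", and wording it as a requirement. The rewritten "Authentication with Client Data" paragraph lost its final period after "outlined in this policy". The added revision row "|K. Cowie|10/06/2023|Updated|" does not say what changed; a comment naming the MFA-by-default change and the new cloud section would make the history auditable.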
wiki/policies/dualauth.1637960246.txt.gz · Last modified: 2021/11/26 20:57 by kevinkallmes