Nested Knowledge

Bringing Systematic Review to Life

User Tools

Site Tools

Trace:
wiki:policies:dualauth

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
wiki:policies:dualauth [2022/01/21 21:21]
katcow 		wiki:policies:dualauth [2023/10/06 21:53] (current)
katcow
Line 10: Line 10:
 ===== III. Policy ===== ===== III. Policy =====
  
-Nested Knowledge will implement multi-factor authentication (MFA) on an ad-hoc basis. We will evaluate the risk and sensitivity or personal and organizational data, such as personal employee data, user data, intellectual property, and financial information, on an ongoing basis. Evaluation will be based on our data classification system.+Nested Knowledge will require multi-factor authentication (MFA) on all internal systems by default. Nested Knowledge will make exceptions on an ad-hoc basis. We will evaluate the risk and sensitivity or personal and organizational data, such as personal employee data, user data, intellectual property, and financial information, on an ongoing basis. Evaluation will be based on our data classification system.
  
 ==== Communication ==== ==== Communication ====
Line 27: Line 27:
  
 In cases where a client grants Nested Knowledge access to data with the explicit requirement of multi-factor or other authentication in order to access the data, we will adhere to the level of authentication required by the client. Where clients upload data to the Nested Knowledge platform or to any cloud managed by Nested Knowledge without explicit requirement, we will adhere to the level of authentication outlined in this policy. In cases where a client grants Nested Knowledge access to data with the explicit requirement of multi-factor or other authentication in order to access the data, we will adhere to the level of authentication required by the client. Where clients upload data to the Nested Knowledge platform or to any cloud managed by Nested Knowledge without explicit requirement, we will adhere to the level of authentication outlined in this policy.
 +
 +=== Cloud Based Applications ===
 +
 +Our most sensitive systems, such as our cloud resources on AWS do require MFA–we use virtual MFA device authentication (specifically, the Google Authenticator app.
  
 ===== Revision History ===== ===== Revision History =====
  
 ^Author^Date of Revision/Review^Comments| ^Author^Date of Revision/Review^Comments|
 +|K. Cowie|10/06/2023|Updated|
 |K. Cowie|11/24/2021|In progress.| |K. Cowie|11/24/2021|In progress.|
 |K. Holub|11/24/2021| | |K. Holub|11/24/2021| |
 |K. Kallmes|11/26/2021|Draft approved| |K. Kallmes|11/26/2021|Draft approved|
 +
 +[[:wiki:policies|Return to Policies]]
  
  
wiki/policies/dualauth.1642800073.txt.gz · Last modified: 2022/01/21 21:21 by katcow

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki