3.7.5 Multi-Factor Authentication to Establish Non-Local Maintenance Sessions

3.7.5 Require multi-factor authentication to establish non-local maintenance sessions via external network connections and terminate such connections when non-local maintenance is complete.

To go back to the NIST 800-171 Controls page click here.

Guides

• DFARS FAQ Q49
• SANS Institute – Two-Factor Authentication (2FA) using OpenOTP

Example Tools

• Remote Authentication Dial-In User Service (RADIUS)
• Ping Identity
• Quest One Identity

Sample Policy & Procedures

• State of Alabama – Information Technology Policy – Policy 678-00: System Maintenance

Additional Lessons Learned

• CyberSheath – Taking Steps Toward DFARS Compliance: Multi-Factor Authentication

Vendor Documentation

• Citrix Ready – Best Practices for Securing Remote Access with Multi-Factor Authentication