OM-BP-0006: Enforce MFA on network access for support (Best Practice)
| ID | OM-BP-0006 |
|---|---|
| Name | Enforce MFA on network access for support |
| Status | Active |
| Version | |
| Best Practice | Ensure network access for support (i.e. by third parties) is secured with MFA |
Rationale
Threat actors may compromise the supply chain to gain an entry point for attacks.
Sample 3rd Parties
IT Service Providers
Managed Service Providers
IT Outsourcing Partners
Bad Practices
Allow network access for support (i.e. by third parties) without MFA
Continuous Improvement
N/A
Implementation Details
Manage the lifecycle of third parties
Have a security vetting and review process for third parties
Have an inventory of authorized third parties
Ensure ownership of and accountability over third parties
Quotes
To limit the risk of attack, organizations should vet their service providers to ensure they follow best practices for least privilege access on accounts and services. Access to the network for support should be monitored and secured via multi-factor authentication (MFA) and just-in-time access.
(Microsoft, 2020(2), p. 28)
Bibliography
Related Best Practices
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.