Multi-factor authentication is used to authenticate users to their organisation’s online services that process, store or communicate their organisation’s sensitive data.
Topic
Multi-factor authentication
Applicable to
all
History
Priority
Must
Dec 2023
Multi-factor authentication is used to authenticate users to their organisation’s online services that process, store or communicate their organisation’s sensitive data.
The existing control relating to multi-factor authentication being used to authenticate users to their organisation’s online services was amended to clarify that it relates to their organisation’s online services that process, store or communicate their organisation’s sensitive data.
Sep 2023
Multi-factor authentication is used to authenticate users to their organisation’s online services.
References to ‘internet-facing services’ were replaced with ‘online services’.
Sep 2023
Multi-factor authentication is used to authenticate users to their organisation’s online services.
hree existing controls relating to using multi-factor authentication to authenticate users of online services were reworded to ensure consistency of language with similar controls. [ISM-1504, ISM-1679, ISM-1680]
Nov 2018
Multi-factor authentication is used to authenticate all users of remote access solutions.
Added to address a gap in guidance on multi-factor authentication.