MFA
Also known as: Multifactor Authentication · 2FA
Multifactor authentication — requiring two or more authentication factors to access a system. Mandatory under multiple NIST SP 800-171 requirements.
Multifactor authentication (MFA) requires a user to present two or more authentication factors from different categories — something you know (a password), something you have (a hardware token, a phone), or something you are (a biometric) — to gain access to a system.
For CMMC Level 2, MFA is mandated by AC.L2-3.1.13 (multifactor authentication for remote and privileged access) and IA.L2-3.5.3 (multifactor authentication for local privileged and network non-privileged access).
Acceptable MFA implementations include hardware tokens (YubiKey), software tokens (authenticator apps), push notifications (Duo, Okta Verify), and certificate-based authentication. SMS-based MFA is increasingly discouraged because of SIM-swap attacks.