CMMC Practice Requirement:

Require multifactor authentication to establish nonlocal maintenance sessions via external network connections and terminate such connections when nonlocal maintenance is complete.

CMMC Requirement Explanation:

When a persons remotely connects to a system to conduct maintenance they generally do so with a privileged account. This creates additional risk that can be reduced by requiring multifactor authentication.

Example CMMC Implementation:

When system admins connect to your network via VPN with their privileged accounts require them to authenticate with Multifactor authentication.

Scenario(s):

- Scenario 1:

Alice a system administrator needs to connect to her company's file server from home using a VPN connection. Because she is an admin her account is configured to require multifactor authentication when she connects to the VPN.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance