IA-2.6: Access to Accounts —separate Device

Statement

• Implement multi-factor authentication for ia-02.06_odp.01 access to ia-02.06_odp.02 such that:

  • (a)

    One of the factors is provided by a device separate from the system gaining access; and

  • (b)

    The device meets strength of mechanism requirements .

  • • Guidance:

      PIV=separate device. Please refer to NIST SP 800-157 Guidelines for Derived Personal Identity Verification (PIV) Credentials.

    • Guidance:

      See SC-13 Guidance for more information on FIPS-validated or NSA-approved cryptography.