Baseline Nonbank Cybersecurity Exam Program

Question 20

How is remote access managed for employees, board members, vendors, and customers? What measures does the institution take to provide remote access in a secure manner?

19

Question 21

What access controls are in place for customer accounts and/or portals? Are there different password requirements for employees vs. customers? Are customers required to use multifactor authentication? How many failed login attempts are permitted before a user must reset their password? Are requirements in place for the strength of passwords?

20