Cyber & IT Supervisory Forum - November 2023
Internal Use Only
R ‐ SAT v. 2.0: Question 13
NEW: New question. Now addresses whether application ‐ based or phishing ‐ resistant MFA methods are being applied (per CISA guidance); provided examples of stronger authentication methods
15
Internal Use Only
R ‐ SAT v. 2.0: Question 13 (continued)
NEW: New sub ‐ question. Asks where/how MFA is used. Added multiple new considerations for PAM, access to external apps hosting NPI, vendor access into networks, internal service accounts, and customers accessing NPI. Added “Other” field for capture of other areas of implementation not listed. Added field for capture of areas where MFA implementation is not planned or has been deferred.
16
Made with FlippingBook - Online catalogs