The U.S. Department of Defense’s new Cybersecurity Maturity Model Certification (CMMC) requires companies with a CMMC level 3 requirement or higher (level 2 for performing remote maintenance) to implement multi-factor authentication (MFA) to protect “controlled unclassified information” (CUI). The requirement for MFA is stated in CMMC practices IA.3.083 and MA.2.113. Using SAASPASS, a full stack multi-factor authentication solution, companies in the defense industrial base (DIB) can flawlessly meet their CMMC MFA requirements.
SAASPASS is used by organizations such as NASA, Boeing, and Visa. SAASPASS uses a mobile app for authentication that is super user friendly, and it supports Windows, Mac, Linux, and thousands of applications including Office 365, G Suite, AWS, and Salesforce. SAASPASS also supports a key fob option.
CMMC Multi-factor Authentication (MFA) Requirement
CMMC practice IA.3.083 requires that companies “Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.”
Multi-factor Authentication (MFA) uses two or more methods of authentication before allowing you to access a system such as a laptop, server, or Office 365 account. This authentication method requires a combination of something you know (e.g., password); something you have (e.g., a one-time password generating device like a mobile app); or something you are (e.g., biometric like a fingerprint or iris).
SAASPASS uses a mobile app on your phone (something you have) that securely stores your password (something you know) allowing you to authenticate to your system by literally tapping a button on your phone. This eliminates the need for your users to constantly enter their password and secondary authentication code all the while meeting your CMMC security requirements.
Local access is when a person or process authenticates to a system without the use of a network. An example is logging onto a workstation using a local user account. When entering the password to log in to a local account, all authentication occurs on the laptop without the need to communicate with an authentication server (e.g. an Active Directory server). Network access, on the other hand, requires the use of a network connection for authentication because the credentials entered by a user are challenged by an authentication server on the network (e.g. an Active Directory server).
A privileged account is an account that has the ability to perform “security-relevant functions” such as installing applications or changing configuration settings (e.g. the log settings on a computer). Examples of privileged accounts include administrator accounts such as a domain admin account. A person that has been granted a privileged account is known as a “privileged user”. As a general rule of thumb, a non-privileged account is an account that does not have the ability to perform “security-relevant functions”, such as a regular local user or Active Directory user account.
- Privileged accounts can change important security and systems settings, and non-privileged accounts cannot (generally).
- SAASPASS provides MFA for both privileged and non-privileged accounts whether they are local or network accounts.
SAASPASS is Full Stack, So Are Your CMMC Requirements
Your organization needs to protect its controlled unclassified information (CUI) wherever it is located. SAASPASS is the only Full-Stack Identity & Access Management Solution on the market today. SAASPASS allows you to do with one product what it currently takes a combination of 4 to 5 other products to do.
In your SAASPASS app you can configure multiple accounts including both local accounts (e.g. a local admin account on a workstation or server) and network accounts (e.g. your domain admin account along with your regular Active Directory user account) as well as accounts for cloud applications.
The sheer number of SAASPASS supported products and services is incredible; it even supports Remote Desktop Protocol (RDP), making it useful for implementing CMMC practice MA.2.113, which requires “multi-factor authentication to establish nonlocal maintenance sessions via external network connections”.
The SAASPASS App Allows You To Authenticate to Systems Without an Internet Connection
SAASPASS is great for employees that are always on the go because they can log into their workstation without an internet or cell phone connection (unlike some 2FA solutions that send a text or require you to be connected to the internet). Users simply enter their username, password, and the authentication code from their app to log into their system (no internet connection required).
Don’t Have a Smartphone? No Problem.
There is always that one user who either doesn’t want to use their smartphone or doesn’t have one yet. In that case they can be provided with a SAASPASS keyfob to use in place of the mobile app. They simply enter their username, password, and PIN generated by the keyfob and boom, they are in. The system the user is logging into must have an internet connection for authentication to succeed, another reason why folks should use the SAASPASS mobile app instead.
Get Set Up with SAASPASS Multi-Factor Authentication
Desired Outcomes is a SAASPASS partner and authorized reseller, meaning that we can get you an exclusive price and support your organization in deploying SAASPASS. We entered into this partnership because we truly believe that SAASPASS is the best multi-factor authentication (MFA) solution on the market and is the best MFA product for companies seeking to earn their Cybersecurity Maturity Model Certification (CMMC). Companies with DFARS requirements are already using it. Users love the app (based on my personal experience supporting it in the field), the customer support is superb, and it just plain works.
Reach out to us at email@example.com to get started with SAASPASS.