Call Us Today! (256) 704-0234 |

2-Factor Authentication and Why it’s Important

||2-Factor Authentication and Why it’s Important

2-Factor Authentication and Why it’s Important

If you’ve been involved in the DFARS 252.204-7012 (Implementing NIST 800-171) process you’ve seen the wording in the regulation requiring a second layer of defense for your systems — 2-Factor Authentication or Multi-Factor Authentication (you will see it presented either way, but they are the same thing). Multi-Factor Authentication (MFA) is one of the requirements imposed by  DFARS 252.204-7012 via NIST SP 800-171.  This requirement is familiar to the government network computer users but is a new requirement for contractors. Implementing MFA is not a cheap process, and as a small business, we were dumbfounded as to the, supposed, lack of solutions — so we did some research. We found a multitude of solutions to satisfy the MFA requirement without breaking the bank (see the Partner Page of our website for more information). MFA is an extra level of security that has been needed for a long time, but as with many other security best practices, unless there is a forcible business driver, it is an overhead cost and function that is never implemented.

Well,  DFARS 252.204-7012 (Implementing NIST 800-171) is your business driver.

Soon, if you haven’t been already, prime contractors and even direct contracting officers will be questioning your DFARS compliance status, hence, why DFARS is your business driver. If you have a DFARS compliance requirement and you are not working toward the goal, the next contractor on the bidding list may be (or they may already be compliant!). If they can provide artifacts or a Plan of Actions and Milestones (PoA&M) to prove their compliance, they may be selected over you for the next contract.

So, that was a bit “cart before the horse,” but back to what MFA is.  It is a log-in process to your computer or computer network that requires two factors of authentication.  Instead of just a username and password, you need one more “factor” to authenticate you to your computer or network.  The most common implementation of this is smart cards or tokens, with PIN numbers or changing values, respectively.  While a hassle, it does provide another layer of defense, such that an attacker must have a physical object of yours in order to compromise your system.

By |2018-06-02T17:12:46+00:00February 28th, 2017|Techni-Core Blog|0 Comments

About the Author:

Hi, everyone! My name is Jana Abbott Ricchetti, and I serve as Techni-Core's Team Lead, Project Manager for all IT and Cyber Security services, and Marketing/Business Development Manager. I am a graduate of Mississippi State University (Hail State!) with a degree in Communication Studies. I joined Techni-Core about four years ago. Over that time, I have worked with executive leadership to rebrand TCNS, expand service offerings, structure more successful and efficient compliance projects, and foster vendor relationships to serve all of our customers. The best part of my job is the reward of knowing that our services directly support the success of our customers - there is no better feeling! My customers are the bomb, and I am so honored that they trust me to manage their IT, Compliance, and Cyber services. I LOVE phone calls from customers, so give me a call any time you need anything - I am always happy to help.

Leave A Comment