NIST-800-53-IA-2 1

Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts

Multi-Factor Authentication

AWS multifactor authentication (MFA) for privileged users of the AWS console is implemented. This service has been configured for 18F administrative accounts in IAM. Multifactor authentication adds an extra layer of security for login access to the AWS management console. 18F users are prompted for a username and password, as well as the authentication code from their MFA device.

JumpBox

cloud.gov currently does not have MFA capabilities implemented for users; however, any administrative actions taken on the platform requires authentication via encrypted ssh keys which are limited to specific users on the jumpbox.

Identification and Authentication Policy for 18F

Multifactor authentication is enforced both in the GSA enterprise login system and GitHub.

Covered By:

User Account and Authentication (UAA) Server

Cloud.Gov does not have MFA capabilities implemented. Cloud.Gov currently utilizes username and password for identification and authentication of non-privileged accounts.

results matching ""

    No results matching ""