Identity Management - Multi-Factor Authentication Coverage
Description
The percentage of user accounts secured with multi-factor authentication, a critical metric that quantifies the effectiveness of identity protection by reducing the risk of unauthorized access and safeguarding sensitive assets, making it vital for minimizing the impact of credential-based attacks.
| Attribute |
Value |
| Metric id |
im_authentication_mfa |
| Category |
Identity Management |
| SLO |
90.00% - 95.00% |
| Weight |
0.5 |
| Type |
 |
References
| Framework |
Ref |
Domain |
Control |
| CIS 8.1 |
6.3 |
Access Control Management |
Require MFA for Externally-Exposed Applications |
| CIS 8.1 |
6.4 |
Access Control Management |
Require MFA for Remote Network Access |
| CIS 8.1 |
6.5 |
Access Control Management |
Require MFA for Administrative Access |
| ISO 27001:2022 |
A.5.17 |
5 Organizational controls |
Authentication information |
| NIST CSF v2.0 |
PR.AA-03 |
Identity Management, Authentication, and Access Control (PR.AA) |
PR.AA-03: Users, services, and hardware are authenticated |