Implement Multi-factor Authentication (MFA) for Access

Control ID:CCC.Core.C03

Title:Implement Multi-factor Authentication (MFA) for Access

Objective:Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access.

Control Family:

Identity and Access Management

Reference ID	Entry ID	Strength	Remarks
CCM	IAM-14	3	Strong Authentication (Define, implement and evaluate processes - including MFA)
NIST-CSF	PR.AC-7	0	-
CCM	IAM-03	0	-
CCM	IAM-08	0	-
ISO_27001	2013 A.9.4.2	0	-
NIST_800_53	IA-2	0	-

ID	Description	Applicability
CCC.Core.C03.TR01	When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple identifying factors for authentication.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C03.TR02	When an entity attempts to modify the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.C03.TR03	When an entity attempts to view information on the service through a user interface, the authentication process MUST require multiple identifying factors from the user.	tlp-amber tlp-red
CCC.Core.C03.TR04	When an entity attempts to view information on the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter.	tlp-amber tlp-red