Implement Multi-factor Authentication (MFA) for Access

Control ID:CCC.Core.CN03

Title:Implement Multi-factor Authentication (MFA) for Access

Objective:Ensure that all sensitive activities require two or more identity factors during authentication to prevent unauthorized access.

Control Family:

Identity and Access Management

Reference ID	Entry ID	Strength	Remarks
CCM	IAM-14	3	Strong Authentication (Define, implement and evaluate processes - including MFA)

ID	Description	Applicability
CCC.Core.CN03.AR01	When an entity attempts to modify the service through a user interface, the authentication process MUST require multiple identifying factors for authentication.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.CN03.AR02	When an entity attempts to modify the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter.	tlp-clear tlp-green tlp-amber tlp-red
CCC.Core.CN03.AR03	When an entity attempts to view information on the service through a user interface, the authentication process MUST require multiple identifying factors from the user.	tlp-amber tlp-red
CCC.Core.CN03.AR04	When an entity attempts to view information on the service through an API endpoint, the authentication process MUST require a credential such as an API key or token AND originate from within the trust perimeter.	tlp-amber tlp-red