The FTC’s rapidly evolving standards for MFA

Published in the International Association of Privacy Professionals
cyber security clipart

Two recently settled enforcement actions by the U.S. Federal Trade Commission, combined with new guidance from the Cybersecurity and Infrastructure Security Agency, represent a big leap forward in the expectations placed on data custodians for use of multifactor authentication. Read together, they require privacy and information security professionals to reassess their organizations’ approaches to controlling employee, contractor and affiliate access to enterprise systems that contain personal information.