Cyber Essentials now states that Multi-Factor Authentication (MFA) should be implemented for accessing cloud-based services.
The guidance states:
As well as providing extra protection for passwords that are not protected by other technical controls, multi-factor authentication should always be used to provide additional protection to administrative accounts, and accounts that are accessible from the internet.
The password element of the multi-factor authentication approach must have a password length of at least 8 characters, with no maximum length restrictions.
There are four types of additional factors that may be considered:
- a managed/enterprise device
- an app on a trusted device
- a physically separate token
- a known or trusted account
Additional factors should be chosen so that they are usable and accessible. This may require user testing to verify if a factor is suitable for the users.
If you are a CogniSoft customer we wanted to make you aware that your CogniSoft system supports MFA integration with Google Authenticator and Authy.
Additionally, your system also supports Single Sign On (SSO). SSO is supported currently using either Google, Microsoft or CogniSoft ID (currently excluding Touchpoint/NCS).
Our approach to security in all of our software development and hosted delivery processes is a feature of our audit and forms a part of our ISO certification. All staff are subject to the information security management system and all our internal processes are covered, including the hosting services we would use to provide the system.