Forum Discussion
Azure MFA and NIST requirements
- Deleted, Sep 28, 2017
I'm afraid I'm far from an expert in this realm, but I believe that the Authenticator app can function as an OTP and an out-of-band device. It functions in OTP mode when you have it set up to give you a one-time code each time you need to log in, and it functions in out-of-band mode when you have it set up to send the user a prompt via Authenticator that they must respond to in order to complete sign in. Hopefully this at least helps a bit, Ralph!
Ralph,
Here is a Microsoft document that accomplishes what you are looking to address. The report answers your question directly. I have added the document for your convenience. However, you can also reference the work here: https://goo.gl/28eiTc
Azure Multi-Factor Authentication enables compliance with regulatory requirements for multi-factor authentication such as the following ones to name a few:
- NIST 800-63 Electronic Authentication Guidelines for Level 3 Assurance,
- HIPAA Requirements Relative to Electronic Protected Health Information (EPHI),
- Payment Card Industry Data Security Standards (PCI DSS),
- Criminal Justice Information System (CJIS) Security Policy,
- Authentication in an Internet Banking Environment Guidance (FFIEC).
(Beraud, Jumelet, & Grasse, 2015, p. 12)
Thanks!
Bob
References
Beraud, P., Jumelet, A., & Grasse, J. (2015). Leverage Azure Multi-Factor Authentication with Azure AD - Microsoft (pp. 1-40, Rep.). Microsoft France.