2FA - MFAS Service
The Multifactor Authentication Platform (2FA)
It is designed as a local workstation access authentication solution, PCI DSS v3.2 compliant and interoperable in Windows and Linux operating system environments.
The scope of this project is limited to MFA security on local workstations in the organization. Not to MFA via browser connection.
Requirement 8.3.1: For non-console access to any account with administrative privileges originating from trusted networks (such as internal networks) that allow access to the CDE (Cardholder Data Environment). .
The development of the solution will take into account, as much as possible, the recommendations published in the NIST SP 800-63-3 "Digital Authentication Guideline", which includes a series of best practices in the electronic authentication process.
ANF AC's multifactor authentication is validated at the same time, so that, in the case of a failed authentication, the user does not know which of the authentication factors introduced is incorrect, thus providing the service with greater security, following the instructions of the latest updates of the PCISSC
The factor corresponding to "what I know”
he factor corresponding to "what I own"
The project is scalable to as many workstations as required.
Includes qualified electronic signature certificates, valid for 2 years. (Physical token, key distribution, or centralized).
Engineering service for two support in the implementation, updates, commissioning and training in the installation, use and administration of the solution.
In the case of workstations with Mac OS, the ANF AC engineering team will determine the maximum possible compatibility once the corresponding laboratory tests have been performed.
Optionally, you can add to the 2FA service:
Renewal of qualified electronic signature certificates.
Technical Assistance Service (after the first six months included in the project).
The qualified certificates of electronic signature issued by ANF AC, comply with the current legal framework Regulation (EU) 910/2014.
The MFA solution complies with the General Data Protection Regulation (EU) 679/2016, in case of need, ANF AC can elaborate document corresponding to the Impact Assessment of the ANF AC MFA solution.