DAFshare Authentication Policy
1. Introduction
Deploying strong authentication mechanisms, such as multi-factor authentication (MFA), is essential for securing access to critical assets. This policy outlines the requirements and procedures for implementing strong authentication for all critical assets within the organization.
2. Purpose
The purpose of this policy is to enhance the security of critical assets by requiring strong authentication methods, including multi-factor authentication, to prevent unauthorized access.
3. Scope
This policy applies to all employees, users, and third-party vendors who access critical assets, including systems, applications, and data.
4. Authentication Methods
a. Multi-Factor Authentication (MFA)
- Definition: MFA combines two or more independent credentials: something you know (password), something you have (security token or smartphone), and something you are (biometric verification).
- Requirement: All users must use MFA to access critical assets.
b. Acceptable Authentication Factors
- Something You Know
  - Passwords: Must meet complexity requirements and be changed regularly.
- Something You Have
  - Security Tokens: Hardware tokens or software-based tokens (e.g., Google Authenticator, Authy).
5. Implementation Procedures
a. System Configuration
- Configure login and payment confirmation to require MFA.
- Integrate MFA with existing identity and access management (IAM) systems.
b. Enrollment Process
- User Enrollment: Users enroll their MFA devices (e.g., mobile phones for OTP apps, biometric data) through a secure registration process.
- Verification: DAFshare verifies enrolled devices before granting access.
c. Access Control
- Initial Authentication: Users authenticate using their password and/or a second factor.
- Session Management: DAFshare implements session timeouts and re-authentication requirements for prolonged sessions.
6. Critical Asset Identification
a. URL Identification
- DAFshare maintains an up-to-date list of all critical URLs to which MFA is applied; currently, login and payment can be configured by the user to require MFA approval.
b. Risk Assessment
- DAFshare conducts regular risk assessments to identify which URLs require the strongest authentication measures.
- DAFshare prioritizes URLs based on the potential impact of unauthorized access.
7. Monitoring and Logging
a. Authentication Logs
- DAFshare enables logging for all authentication attempts to critical assets.
- DAFshare captures details such as user identity, authentication factors used, time of access, and access outcomes.
b. Monitoring
- DAFshare continuously monitors authentication logs for suspicious activities and potential security incidents.
- DAFshare uses security information and event management (SIEM) systems to aggregate and analyze authentication data.
8. Incident Response
a. Detection
- DAFshare implements automated alerts for failed authentication attempts and unusual login patterns.
- DAFshare investigates suspicious activities promptly to determine whether a security breach has occurred.
b. Response
- DAFshare follows the incident response plan for handling authentication-related security incidents.
- The plan includes steps for notifying affected users, resetting compromised accounts, and reviewing security controls.
9. Training and Awareness
- DAFshare provides regular training for employees and contractors on the importance of strong authentication and how to use MFA tools.
- DAFshare raises awareness about phishing and other social engineering attacks that target authentication mechanisms.
10. Compliance and Best Practices
a. Regulatory Compliance
- DAFshare ensures that MFA deployment complies with relevant regulations and industry standards, such as GDPR, PCI-DSS, and HIPAA.
- DAFshare regularly reviews and updates authentication practices to align with regulatory changes.
b. Industry Best Practices
- DAFshare stays informed about the latest best practices in authentication security.
- DAFshare regularly reviews and improves authentication mechanisms to address new threats and vulnerabilities.
11. Review and Updates
- DAFshare conducts regular reviews of the strong authentication policy to ensure its effectiveness.
- DAFshare updates the policy and related procedures to reflect changes in technology, the threat landscape, and organizational requirements.
12. Enforcement
- DAFshare ensures compliance with the strong authentication policy across the organization.
- Non-compliance with authentication requirements may result in disciplinary action, up to and including termination of employment.