CMMC control 3.3.2 (Audit & Accountability) requires that actions be logged and traceable to a specific user. But what to do about shared accounts sometimes used in manufacturing and other specialized environments?
ENC Director of Technology Thomas Kinsinger explains how Duo, Cisco’s 2FA solution, can be used to meet this requirement while enhancing the security of environments uisng shared accounts.
Hey, I’m Thomas Kinsinger, director of technology at E-N Computers.
Today we are talking to those who are working to achieve CMMC compliance. What we are looking at today is a product that will help achieve some of the requirements in the control family 3.3 Audit and Accountability.
One of the challenges for many organizations who are looking to become CMMC compliant is the management of shared accounts. Generally, using shared accounts should be avoided. But, particularly in manufacturing, some computers will have a shared user account that runs a program.
The problem arises when multiple people use the program and computer. And CMMC Control 3.3.2 requires that organizations be able to audit logs of access by a specific user or person for each device.
For these situations, Cisco DUO with a YubiKey is a perfect solution. Each MFA key will be associated with a user. This will ensure that each person’s access is logged.
You can have multiple YubiKeys or tokens associated with one shared account using DUO. This will produce a record of each person accessing the shared account in compliance with CMMC requirements.
I hope you have found this helpful. If you would like to schedule a consultation for getting started with DUO or if you would like a quote, please visit our website at encomputers.com and fill out the contact form and someone from our team will be in touch.
Is your business ready to weather changes, including employee turnover? Find out by taking our IT maturity assessment.
You’ll get personalized action items that you can use to make improvements right away. Plus, you’ll have the opportunity to book a FREE IT strategy session to get even more insights into your IT needs.