Educause Security Discussion mailing list archives
Re: PCI v2.0 Requirement 8.3
From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Mon, 17 Jan 2011 21:35:23 +0000
FYI. In the guidelines document, they say certificate based authentication qualifies for a second "what you have" factor. From: Daniel Bennett <dbennett () PCT EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Mon, 17 Jan 2011 20:30:35 +0000 To: <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] PCI v2.0 Requirement 8.3
We are currently working on PCI v2.0 compliance and we hit requirement 8.3. We are very interested in how other institutions have solved this requirement. Please respond on or off list. Below is the requirement: 8.3 Incorporate two-factor authentication for remote access (network-level access originating from outside the network) to the network by employees, administrators, and third parties. (For example, remote authentication and dialin service (RADIUS) with tokens; terminal access controller access control system (TACACS) with tokens; or other technologies that facilitate two-factor authentication.) Thanks, Dan
-- Gary Flynn Security Engineer James Madison University
Attachment:
smime.p7s
Description:
Current thread:
- PCI v2.0 Requirement 8.3 Daniel Bennett (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Flynn, Gary - flynngn (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Marcum, Chad A (Jan 19)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 20)
- Re: PCI v2.0 Requirement 8.3 Mike Leach (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Joe Marshall (Jan 18)