Educause Security Discussion mailing list archives

Re: PCI v2.0 Requirement 8.3

From: "Flynn, Gary - flynngn" <flynngn () JMU EDU>
Date: Mon, 17 Jan 2011 21:35:23 +0000

FYI. In the guidelines document, they say certificate based authentication
qualifies for a second "what you have" factor.

From:  Daniel Bennett <dbennett () PCT EDU>
Reply-To:  The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date:  Mon, 17 Jan 2011 20:30:35 +0000
To:  <SECURITY () LISTSERV EDUCAUSE EDU>
Subject:  [SECURITY] PCI v2.0 Requirement 8.3

We are currently working on PCI v2.0 compliance and we hit requirement 8.3.
We are very interested in how other institutions have solved this requirement.
Please respond on or off list.  Below is the requirement:
 
8.3 Incorporate two-factor authentication
for remote access (network-level access
originating from outside the network) to
the network by employees,
administrators, and third parties. (For
example, remote authentication and dialin
service (RADIUS) with tokens; terminal
access controller access control system
(TACACS) with tokens; or other
technologies that facilitate two-factor
authentication.)
 
Thanks,
 
Dan



-- 
Gary Flynn
Security Engineer
James Madison University

Attachment: smime.p7s
Description:

Current thread:

PCI v2.0 Requirement 8.3 Daniel Bennett (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Flynn, Gary - flynngn (Jan 17)
- Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 18)
  - Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
  - Re: PCI v2.0 Requirement 8.3 Taylor, James R (Jan 18)
  - Re: PCI v2.0 Requirement 8.3 Marcum, Chad A (Jan 19)
    - Re: PCI v2.0 Requirement 8.3 Blake Penn (Jan 20)
- Re: PCI v2.0 Requirement 8.3 Mike Leach (Jan 18)
- Re: PCI v2.0 Requirement 8.3 Joe Marshall (Jan 18)