Common Compliance Standards and MFA
- MFA and Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a standard developed to govern the credit card industry to protect cardholder data and mitigate fraud.
To protect cardholder data, PCI DSS requires that all accounts with access to sensitive information have MFA implemented.
- MFA and Federal Financial Institutions Examination Council (FFIEC)
The Federal Financial Institutions Examination Council (FFIEC) created a set of guidelines for financial institutions around managing risk in information security.
The FFIEC has determined that implementing MFA is an effective way to reduce the risk of data breaches and financial loss. LoginTC can help you determine which individuals and accounts should require MFA for access as part of FFIEC standards.
- MFA and Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule regulates the use and disclosure of Protected Health Information (PHI) in the healthcare industry.
HIPAA requires that digital health records be protected from unauthorized access. MFA can help meet this requirement when implemented on all accounts with access to PHI.
- MFA and Gramm Leach Bliley Act (GLBA)
The Gramm Leach Bliley Act (GLBA) governs the collection and use of private data in the financial sector. It encompasses non-banking financial institutions, including universities, car rental companies, payday lenders, and more.
To meet GLBA compliance, all individuals who have access to sensitive information are required to have MFA implemented on their accounts.
- MFA for SOC 2
SOC 2 is a compliance standard for service organizations, which mandates how organizations should manage customer data.
To meet SOC 2 requirements, organizations must prove that sensitive data is protected from unauthorized access, and strong password measures are in place. MFA can ensure you meet both requirements.
- MFA for Sarbanes-Oxley (SOX)
The Sarbanes-Oxley (SOX) standard governs financial record keeping and reporting.
As part of the mandate, passwords and other access credentials must be sufficiently protected. MFA can help your organization comply with the SOX access protection requirement.