E.1.3 Multi-factor authentication (MFA)

Control Details

Objective

Decrease the chances an account will be compromised.

Definition

Enforce multi-factor authentication (MFA) at the source code repository level by requiring a soft or physical token in addition to traditional passwords/credentials, which are more likely to be compromised through techniques such as brute-force guessing.

Assessment Questions

  1. How is MFA mandated and enforced at the source code repository level?
  2. Describe the tokens that are used, e.g. are soft tokens or physical tokens used?
  3. How is MFA enforced for endpoints?
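
An assessor can answer questions 1 and 2 mechanically from an export of the organisation's MFA settings and each account's registered factors. The following is an added example, not part of this control catalogue; the factor type names and the input shape are assumptions for the example, and the sample accounts are constructed.

```python
"""Evaluate an export of repository accounts against control E.1.3 (MFA)."""
from dataclasses import dataclass

# Factor types that satisfy the control, grouped by the token kind the
# definition names. The type names are assumptions for this example.
PHYSICAL_TOKENS = {"security_key", "webauthn"}
SOFT_TOKENS = {"totp", "authenticator_app"}


@dataclass
class Account:
    login: str
    factors: list  # second-factor types registered on the account


def classify(account: Account) -> str:
    """Return the strongest token kind registered: physical, soft or missing."""
    registered = set(account.factors)
    if registered & PHYSICAL_TOKENS:
        return "physical"
    if registered & SOFT_TOKENS:
        return "soft"
    return "missing"


def assess(org_enforces_mfa: bool, accounts: list) -> dict:
    """Verdict for the control: org-level enforcement on and no account without MFA."""
    status = {a.login: classify(a) for a in accounts}
    missing = [login for login, kind in status.items() if kind == "missing"]
    return {
        "enforced_at_org_level": org_enforces_mfa,
        "accounts_without_mfa": missing,
        # Per-account enforcement alone is not enough: the organisation
        # setting must also require MFA so new members cannot bypass it.
        "compliant": org_enforces_mfa and not missing,
        "token_types": {
            kind: sum(1 for k in status.values() if k == kind)
            for kind in ("physical", "soft", "missing")
        },
    }


# Constructed sample export (not real accounts).
SAMPLE_ACCOUNTS = [
    Account("alice", ["security_key", "totp"]),
    Account("bob", ["totp"]),
    Account("carol", []),  # password only: fails the control
]

if __name__ == "__main__":
    print(assess(org_enforces_mfa=False, accounts=SAMPLE_ACCOUNTS))
```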

Reference sources

  1. OWASP-SCVS 4.5
  2. CNCF-SSC SC-SA: Enforce MFA for accessing source code repositories