NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-2(11)Remote Access — Separate Device

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into IA-2(6). It previously addressed MFA via separate device specifically for remote access scenarios.

Example 1: Require all VPN users to authenticate with a hardware token or phone-based authenticator in addition to their password before establishing remote connections.

Example 2: Configure Conditional Access policies to always require MFA for any sign-in from outside your trusted network locations, regardless of the device used.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts