2-factor authentication for Virtual Private Network
Is it a specified requirement in ISO27001 to have 2FA for a Virtual Private Network connection?
ISO 27001 does not prescribe the use of 2FA on VPNs. To identify if such an implementation is needed, you have to verify the results of the risk assessment and applicable legal requirements (e.g., laws, regulations, and contracts), to see if such an implementation will properly treat relevant risks or fulfill legal clauses.
These articles will provide you with further explanation about the selection of controls and 2FA:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How two-factor authentication enables compliance with ISO 27001 access controls https://advisera.com/27001academy/blog/2017/01/16/how-two-factor-authentication-enables-compliance-with-iso-27001-access-controls/
Jun 22, 2020