Multi-Factor Authentication

WHAT IS MULTI-FACTOR AUTHENTICATION AND WHY IS IT IMPORTANT?

About This Control

Summary: Multi-Factor Authentication (MFA) enhances the authentication process by requiring the use of multiple authentication factors to verify a user’s identity before granting access to a system.

Purpose: MFA significantly strengthens the authentication process compared to reliance on a single factor, such as a password. This layered approach mitigates the risks associated with compromised credentials by ensuring that unauthorized access is not easily achieved.

Why It Matters

  • Single-factor authentication, especially when relying only on a password, is frequently bypassed by a determined attacker.

  • Multi-factor authentication is considered standard and is required by compliance frameworks such as PCI DSS and the Center for Internet Security (CIS) Critical Security Controls (CSCs).

Risks Addressed

  • MFA protects against common attacks on passwords such as credential stuffing and password spraying.

  • Account takeovers due to leaked or stolen passwords are mitigated by using a second factor.

  • Regulatory non-compliance is avoided, since nearly all frameworks now require MFA for at least some forms of access.

CONTROLS THIS DASHBOARD REPORTS ON

  • NIST CSF v2.0:

    Subcategory PR.AA-03: Users, services, and hardware are authenticated

  • PCI-DSS v4.0.1:

    8.4.2 MFA is implemented for all non-console access into the CDE.

    8.4.3 MFA is implemented for all remote access originating from outside the entity’s network that could access or impact the CDE.

  • CIS CSC v8.1:

    6.3 Require MFA for Externally-Exposed Applications

    6.4 Require MFA for Remote Network Access

    6.5 Require MFA for Administrative Access

PRIMARY KEY PERFORMANCE INDICATOR (KPI)

The dashboard reports on this Primary KPI:

  • Numerator: Number of sign-ins that were MFA compliant for any of the in-scope forms of access.

  • Denominator: Count of sign-ins in-scope for MFA.
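
The following is an added example, not DataBee's own logic, showing one way to compute this ratio from sign-in records and how the handling of exempt sign-ins changes the result. The field names, the access-type labels (loosely modeled on CIS 6.3, 6.4 and 6.5), and the exemption rule are assumptions; the sample records are constructed.

```python
from dataclasses import dataclass

# Assumed labels for forms of access that require MFA (not DataBee identifiers).
IN_SCOPE_ACCESS = {"external_app", "remote_network", "admin"}

@dataclass(frozen=True)
class SignIn:
    user: str
    app: str
    access_types: frozenset  # hypothetical labels, compared to IN_SCOPE_ACCESS
    mfa_used: bool
    mfa_exempt: bool = False

def in_scope(s, include_exempt=False):
    """In scope when any access type requires MFA; exempt sign-ins are
    dropped unless include_exempt is set (assumed policy choice)."""
    if s.mfa_exempt and not include_exempt:
        return False
    return bool(s.access_types & IN_SCOPE_ACCESS)

def mfa_kpi(sign_ins, include_exempt=False):
    """Return (numerator, denominator, ratio); ratio is None if nothing is in scope."""
    scoped = [s for s in sign_ins if in_scope(s, include_exempt)]
    compliant = sum(1 for s in scoped if s.mfa_used)
    ratio = compliant / len(scoped) if scoped else None
    return compliant, len(scoped), ratio

def non_compliant_by_app(sign_ins, include_exempt=False):
    """Count in-scope sign-ins without MFA per application, for follow-up."""
    counts = {}
    for s in sign_ins:
        if in_scope(s, include_exempt) and not s.mfa_used:
            counts[s.app] = counts.get(s.app, 0) + 1
    return counts

# Constructed sample records.
SAMPLE = [
    SignIn("alice", "vpn", frozenset({"remote_network"}), True),
    SignIn("bob", "vpn", frozenset({"remote_network"}), False),
    SignIn("carol", "crm", frozenset({"external_app"}), True),
    SignIn("dave", "crm", frozenset({"external_app", "admin"}), False),
    SignIn("svc-backup", "crm", frozenset({"admin"}), False, mfa_exempt=True),
    SignIn("erin", "wiki", frozenset({"internal"}), False),
]

if __name__ == "__main__":
    print(mfa_kpi(SAMPLE))                       # exempt sign-ins excluded
    print(mfa_kpi(SAMPLE, include_exempt=True))  # exempt sign-ins counted
    print(non_compliant_by_app(SAMPLE))
```

Comparing the two KPI values shows how much of the reported compliance depends on exemptions rather than on MFA actually being used.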

COLUMNS DISPLAYED ON THE DETAIL DASHBOARD

  • Leading: Compliance Status MFA Used, MFA Used Total

  • Application: Application Names, Is MFA Required, Application Owner

  • Authentication: Application Id Join Key, Authentication MFA Exempt, Authentication MFA Factor, Authentication MFA Used, Authentication Service Name, Authentication Sign In Source, Authentication Sign In Time, Authentication User Account Name

  • Access: User Groups, User Is Admin, Access Types

  • Org Hierarchy: Employee Databee Id, Employee Email Address, Employee UID, Employee Full Name, Employee Job Title, Employee Name, Manager Databee Id, Manager Email Address, Manager Full Name, Level 2, Level 3, Level 4, Level 5, Level 6

OCSF TABLES USED BY THE DASHBOARD

  • CDP.USERS

  • CDP.APPLICATIONS

  • OCSF.AUTHENTICATION

Copyright © 2026 DataBee®, A Comcast Company.
DataBee® is a registered trademark of Comcast.