Authentication for access using privileged accounts includes Multi-Factor Authentication. This can include Multi-Factor Authentication to get access to a network and subsequent strong cryptographic asymmetric keys for authentication.
Devices cannot be marked as ‘trusted’ for Multi-Factor for privileged access.
MFA-tokens used as factors are user-specific and measures are in place to safeguard that these tokens remain strictly personal.
Specification
Authenticators must validate to Authenticator Assurance Level 3, according to NIST Special Publication 800-63 section 4.2: https://pages.nist.gov/800-63-3/sp800-63-3.html#sec4
ISO 27001 & 27002:2022
A8.2,
A8.5,
A8.15
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
ID.03 Super users