If you are regulated by the New York Department of Financial Services (NYDFS), you must perform an MFA risk assessment in order to be in compliance with Part 500.12, with a written compliance certification signed by the board of directors or a senior officer due Feb 28, 2019. The regulation mandates implementation of multi-factor or risk-based authentication, based on a risk assessment. Unless you perform a detailed MFA risk assessment, how can you determine your risk, decide what type of authentication you need, and be in compliance?
Failure to perform a detailed MFA risk assessment, implement proper internal controls and attain compliance by the deadlines carries significant risks:
Additionally, a detailed MFA risk assessment will enable implementing the optimal type and level of authentication so you can prevent fraud and data breaches across the enterprise, reduce consumer acquisition costs and prevent abandonment costs, while ensuring a frictionless experience for your consumers.
All entities should perform a detailed MFA risk assessment in order to mitigate risk and ensure safe and sound operations. Additionally, the National Institute of Science and Technology (NIST) has issued the Digital Identity Guidelines describing the standards for multi-factor authentication. So, unless you perform a detailed MFA risk assessment, how do you know where your risks are, whether your internal controls are adequate, where you are using multi-factor authentication, whether it is adequate and commensurate with the risks, and what type of authentication you need to prevent data breaches and fraud, while ensuring a frictionless experience for your consumers and the continuing growth of your business?
Failure to perform a detailed MFA risk assessment and implement proper internal controls carries significant risks:
Neustar’s team of nationally recognized subject matter experts has developed the Multi-Factor Authentication (MFA) Risk Assessment to enable all entities to perform a comprehensive risk assessment, attain compliance and mitigate risks. There is no cost for anyone to download and use the MFA Risk Assessment. It follows industry best-practice operational risk assessment methodology and is modeled after the FFIEC Cybersecurity Assessment Tool, NIST Digital Identity Guidelines, NIST Cybersecurity Framework and other authoritative sources. It is easy to use and will quickly identify your gaps, weaknesses and blind spots across the enterprise so you can implement timely risk mitigation.
Here’s how it works:
Watch Neustar's free on-demand webinar: "Multi-factor Authentication: What You Must Do to Remain Compliant."