Title: The DBMS must use multifactor authentication for network access to privileged accounts.
Vulnerability ID: V-32443
IA Controls: None
Description: Multifactor authentication is defined as using two or more factors to achieve authentication.
(i) Something a user knows (e.g., password/PIN);
(ii) Something a user has (e.g., cryptographic identification device, token); or
(iii) Something a user is (e.g., biometric).
A privileged account is defined as an information system account with authorizations of a privileged user.
Network access is defined as access to an information system by a user (or a process acting on behalf of a user) communicating through a network (e.g., local area network, wide area network, Internet).
The lack of multifactor authentication makes it much easier for an attacker to gain unauthorized access to a system.
Check Text: Review DBMS settings to determine whether users logging into privileged accounts via a network are required to use multifactor authentication. If users logging into privileged accounts via a network are not required to use multifactor authentication, this is a finding.
Fix Text: Configure DBMS settings to require multifactor authentication for network users logging into privileged accounts.[divider]