Authenticator Self-Service
Trust Zones - Authenticator-strength
LEVEL 2
Memorized Secret
Password policy
Min characters: 16
Lockout: 3 attempts
Expiration:
Lockout enabled
Auto unlock
Lockout duration
Enforce strong password
NIST 800-53 Moderate/High - Provide matrix
Hitrust Level 3
Domains
CernC2
Sweden
CernerSphere
UkSphere
CernPCI
Spherestage
AUS - NSW
Federal AD Domains
NorthAmerica "A" accounts
User account type
"A"
STIGS
LEVEL 3
MF OTP
NIST 800-63-B
RSA Hardware Token
MF Crypto Device
CAC/PIV
FIDO
Out-of-Band
Duo Push
NIST 800-63-3B
SF OTP
Duo Hardware Token
Yubikey OTP
Duo Mobile OTP
NIST 800-63-3B
LEVEL 1
Memorized Secret
NIST 800-53 Low
Min. password requirement
Min: 8 characters
Lockout threshold:
Expiration: 90 days
Lockout enabled: yes
Lockout duration: 30 mins
Auto unlock: yes
Enforce strong passwords/dictionary lists
Domains
NorthAmerica
Resdm50
CernerASP
CernAWS
Globals
Auxiliary domains (EXT)
User account types
Regular user
Not Supported
Bypass Codes
Identity Verifier
Recovery Keys
Security Questions - JIM says best in CLASS
Domains
NorthAmerica
CernerASP
Global
CernC2
CernerSphere
UkSphere
CernPCI
Duo Security
Malvern (ResDM50)
Account types
Regular User
Privilege/Admin
"A" accounts
"Z" accounts
"S" Accounts
System Account/Service??
Capabilities/Actions
Reset authenticator (Forgotten)
Level 2
3 + N
N + Recovery Keys
2 + 1
Level 3
3 + N
N + Recovery Keys
Level 1
3 + N
N + Verifier
1 + 2
Unlock authenticator
N
same level or greater
Change credential
Risks
Same credential from the same Level
Attempt Thresholds: 3
Recovery keys are generated once enrolled into Duo
Trust Zones - Risk-Based
Level 1
Low Sensitivity & Risk
Corporate/Enterprise
NorthAmerica
Non-Administrative
Administrative
Verifier
Security Questions
Level 2
Moderate Sensitivity & Risk
Secrets - Commercial/RHO
CernerASP
CernAWS
CernC2
Globals
Spheres
Malvern - ResDM50
PCI
Administrative - A/E/S accounts
Non-Administrative
MFA Authenticator - Duo Security
MFA Authenticator - FIDO
Verifier
Recovery Keys
Level 3
High Sensitivity & Risk
Federal
DoD & VA domains
RSA Security
CAC/PIV
Capabilities/Actions
Reset authenticator
Level 1
Level 1 Verifier
N of N questions answered
Duo + level 1/2
Duo + L2 Verifier
Level 2
Duo + L2