NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-2(4)Local Access to Non-privileged Accounts

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement requires MFA for local access to non-privileged accounts — standard users logging in locally also need multi-factor authentication.

Example 1: Deploy Windows Hello for Business across all workstations so that even standard users must authenticate with PIN plus facial recognition or fingerprint at the keyboard.

Example 2: Require smart card (CAC/PIV) authentication for all users logging in to workstations connected to your organization's domain.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts