bigforceone

03.05.03

What this control requires

Source: NIST SP 800-171 R3 §03.05.03 (official control text).

Why this matters

Multi-factor authentication (MFA) prevents account takeover attacks that rely on stolen passwords. Even if an attacker intercepts credentials through phishing, keylogging, or database breaches, they cannot access the system without the second authentication factor — a physical device, biometric scan, or time-based code. This control protects all user accounts, including administrators and remote workers accessing CUI. Without MFA, a single compromised password grants full access to controlled systems and data. Organizations that skip MFA are vulnerable to 99% of credential-based attacks, which represent the leading initial access vector in modern breaches.

What evidence assessors expect

Assessors typically look for screenshots and CSV exports. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.
