04-30-2018 05:04 PM
Guys, I have a problem implementing the Duo. I’m going through a PCI 3.2 certification process, where the MFA process has changed.
According to PCI 3.2 the MFA should now respect some points such as:
The authentication mechanisms used for MFA should be independent of one another such that access to a factor does not grant access to any other factor, and the compromise of any one factor does not affect the integrity or confidentiality of any other factor.
PCI DSS requires that all factors in multi-factor authentication be verified prior to the authentication. (Which is not happening in my case: first it opens the logon screen; however, when the user misses the password, Windows returns the screen again asking for the correct password, thus allowing a trial-and-error case.)
Moreover, no prior knowledge of the success or failure of any factor should be provided to the individual until all factors have been presented. (Again my problem repeats itself.)
Could anyone tell me if there is a way to configure the DUO for this type of operation?
From what I read, the tool is fully compliant with PCI DSS 3.2, but I have not seen this in practice.
I count on your cooperation.
Big Hugs,
05-01-2018 11:34 AM
Hi Gustavo,
Have you watched this webinar Webinar: MFA Requirements for PCI Compliance | Duo Security?
It covers the following topics:
Please review and let us know if you still have additional questions.