MFA policy updated to include hardware tokens

Description

Acceptable MFA methods policy expanded to require FIDO2 hardware tokens for all privileged users accessing CUI systems. Mobile authenticators still permitted for standard users.

Related requirements

Decision

History

1. 2026-03-05

   Change logged

   MFA policy updated to include hardware tokens was recorded.

   Marcus Webb

2. 2026-03-01

   Decision recorded

   No impact

   Marcus Webb