Multi-factor Authentication – Now a requirement in the NHS

Recent changes to the NHS Data Security and Protection Toolkit (DSPT) (DAPB0086: Data Security and Protection Toolkit, published under s250 of the Health and Social Care Act 2012) have upgraded the recommendations on how remote access to systems and privileged accounts are managed. The DSPT now mandates that multi-factor authentication (MFA) MUST be enforced on all remote user access to all systems and on all privileged accounts that access externally-hosted systems (for example cloud-hosted or SaaS applications). Furthermore, it states that MFA SHOULD be enforced on privileged accounts that access all other systems (for example in-house or on-premises applications).

