Each Catholic entity should take the following appropriate measures to prevent unauthorized access to systems (includes elementary, middle, and high school students, except as noted):
- Individuals are required to register a second device and use MFA to access the organization’s network, with the exception of elementary and middle school students who may not have access to a second device.
- MFA is required for all externally-exposed applications, where supported.
- MFA is required for all remote network access.
- MFA is required for all administrative access accounts, where supported, on all assets, whether managed on-site or through a third-party provider.
When vendors offer an option to opt in or out of MFA, users must always opt in to enhance security. For more information, view the Catholic Mutual Security Standards.
