Multi-Factor Authentication Program

Project Sponsor: Dr. Michael Sardaryzadeh

Project Duration: February 2018 to December 2018

Goal and Scope: It is the goal of this program to reduce risk to TAMU by requiring multi-authentication methods when accessing systems or data that hold confidential, sensitive, or private information. Additionally it is the goal of this project to protect accounts with elevated or privileged access from compromise that may lead to financial or reputational loss. Also, as a result of this program, the sharing of account credentials will be drastically reduced.

This program also works toward the fulfilment of Texas A&M System(TAMUS) Regulation 29.01.03, rev 2/5/2018, by identifying systems and services that contain confidential information under the TAMUS Data Classification Standard that require multi-factor authentication (MFA). Developing a program for MFA deployment, a plan to onboard identified systems and services, and a communication and education strategy to enable adoption.

Milestone 1: Mitigate Risk from Ongoing Requests (i.e., Publishing TAMU applications and sites externally, applications and sites that need authentication and/or hold confidential information, etc.)

Create & approve new procedure
Change information on Campus IT site
Communicate procedure change.

Milestone 2: Duo-Enable Division of IT

Identify IT systems that need Duo.
Identify admin access that needs Duo.
Determine technical requirements.
Identify residual risk and document remediation.
Create and Finalize an Exception Process
Communicate to division employees.
Enable Duo on internally facing services.
Require use of Duo.
Lessons Learned

Milestone 3: Duo-Enable Division of IT Services to TAMU Employees

Identify systems that are Services to TAMU and need Duo.
Identify TAMU admin access that needs Duo.
Determine Support Issues and mitigate gaps
Determine technical requirements.
Identify residual risk and document remediation.
Create and Finalize an Exception Process
Targeted communication to affected employees
Enable Duo on Identified services and access.
Onboard TAMU employees to Duo
Changes to CAS, Gateway to streamline Duo enrollment
Lessons Learned

Milestone 4: Duo-Enable TAMU- Campus wide

Identify remaining campus services that require Duo.
Determine auditing mechanisms.
Determine technical requirements.
Identify residual risk and document remediation.
Determine Support Issues and mitigate gaps
Targeted communication to affected service owners and customers
Enable Auditing Mechanism
Enable Duo on Identified services and access.
Onboard users to Duo
Lessons Learned

Program Assumptions:

Order of Milestones and project approach is based on the following two factors:

  • Risk based : Higher risk systems, data, and access to be addressed first.
  • Ease of implementation: Departments, users, and systems where IT can accomplish Duo enrolment quicker will be addressed first.