Require Phishing-Resistant MFA for All Users for Financial Services & Banking

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The ID-04 control helps address these requirements by:

• All users must use phishing-resistant MFA (FIDO2, Windows Hello, passkeys)
• SMS and voice call authentication methods are disabled tenant-wide
• Push notification MFA is disabled or only allowed with number matching

Phishing attacks can bypass traditional MFA. At Level 3, the entire organization uses authentication methods that cryptographically prove user presence, eliminating MFA bypass attacks entirely.

When implementing ID-04 in a financial services & banking environment, consider:

• **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
• **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

ID-04 requires the following configuration:

• All users must use phishing-resistant MFA (FIDO2, Windows Hello, passkeys)
• SMS and voice call authentication methods are disabled tenant-wide
• Push notification MFA is disabled or only allowed with number matching

Enables FIDO2 and passkey authentication methods. Users still need to register their own security keys.

With TrueConfig, you can implement this control automatically using our one-click remediation feature.