Stringent Access Control and Multi-Factor Authentication to Meet MAS TRM Guidelines
In January 2021, The Monetary Authority of Singapore (MAS) has released the enhanced “Technology Risk Management” (TRM) guidelines, which applies to all financial institutions (FIs), not only banking.
Under TRM guideline, Access Control, which includes user access management, privileged access management and remote access management, is flagged as one of the vulnerabilities FIs need to look into.
i-Sprint’s suite of Digital Identity solution address the MAS TRM guidelines related to access control.
Strong Password Management
The current proliferation of login IDs and passwords is becoming a serious issue in most organizations. It is especially critical when internal and external users are accessing multiple e-business systems. Organizations encounter challenges to address the following:
- How can we efficiently manage many different internal and external users, their credentials and privileges?
- How do we reduce the number of login IDs/passwords for our users?
- How do we efficiently enforce an enterprise-wide security policy, especially in a large organization?
- How do we support segregation of duties to prevent giving too much power to one person or functional role?
- How do we achieve Single Sign-On for e-business and other applications?
i-Sprint Universal Access Management and Single Sign-On Solutions can help organizations address the above challenges and meet MAS TRM guidelines.
- Embedded Strong Authentication, Web SSO, Federated SSO and Enterprise SSO on the same back-end
- Extensible Pluggable Authentication Modules support strong authentication requirements using SMS, hardware and software tokens
- Flexible and open APIs are provided for ease of integration and code re-use for security 4As services
- Support SAML, OAuth and OpenID Connect
- Tamper-evident Audit Trail
Two-Factor/ Multi-Factor Authentication
In organizations that need tighter control of the user accessing the sensitive system, a second and multi-layer authentication is necessary to re-verify the users. i-Sprint’s Universal Authentication Server (UAS) is a comprehensive and versatile authentication server that enables organizations to centralize all its authentication schemes in a single unified platform. It is a future-proof authentication infrastructure that supports multiple authentication mechanisms (such as passwords, OTP, biometrics) for strong authentication and authorization requirements.
UAS provides a unified token management platform supporting multiple authentication methods and mechanisms for strong authentication and authorization requirements. Based on the proven AccessMatrix™ Integrated Security Architecture, UAS includes user administration, authentication, authorization, and audit services (4As) to address security and compliance requirements.
- Versatile Authentication Support
- Complete Token Life Cycle Management & Administration
- Embedded Vendor Agnostic Authentication Support for OTP and Biometrics
- Comprehensive Support for Mobile Device-based authentication
- Extensible to SSO on the same platform