Federal Financial Institutions Examination Council issues updated guidance advising banks to use stronger access controls and multifactor authentication. Some experts say that while not fundamentally groundbreaking, the updated guidance is still “long overdue” The document replaces FFIEC guidance issued in 2005 and 2011. It does not impose any new regulatory requirements, it says. The potential attack surface for financial institutions has expanded with the proliferation of mobile computing, smart phone applications and “bring your own” devices, the guidance states. The document cites the need for “layered security” practices, including MFA, network segmentation and least privilege access.”]
Source: https://www.govinfosecurity.com/ffiec-updates-authentication-guidance-a-17300