Central Authentication Services


SB12. Servers or applications, whether managed directly by Harvard or via contract with a third-party service provider for Harvard's use (e.g. IaaS, SaaS), must use a centrally-managed authentication system that requires more than one factor for authentication. , e.g. HarvardKey or Harvard VPN, or comparable non-Harvard multi-factor authentication system (supported/approved by Harvard).


Publicly facing website content is not in scope.


How To Comply