Multi-Factor Authentication

Purpose

This policy outlines our requirement for secure authentication of users who connect to Nested Knowledge information systems. We are committed to protecting the security, privacy, and integrity of Nested Knowledge information systems by increasing the resiliency of authentication under partially compromised credentials.

Scope

This policy affects all employees, contractors, consultants, and business partners of Nested Knowledge.

Internal Company MFA Policy

Nested Knowledge will require multi-factor authentication (MFA) on all internal systems by default. Nested Knowledge will make exceptions on the basis of (1) lack of availability of MFA in the solution, (2) low sensitivity of the data processed. We will evaluate the risk and sensitivity of personal and organizational data, such as personal employee data, user data, intellectual property, and financial information, on an ongoing basis. Evaluation will be based on our data classification system.

Multi-Factor Authentication for Remote Access

Nested Knowledge has no internal network for employees; therefore, multi-factor authentication for remote access is not applicable. All cloud services accessed by Nested Knowledge employees will be configured to require MFA and monitored on a quarterly basis for compliance.

Multi-Factor Authentication for Financial Information

At present, Nested Knowledge stores financial information via cloud-based accounting software. Our security measures for protecting such data are determined by the software. At present, it requires MFA of all users. The accounting application is a VeriSign Secured(TM) product, which is the leading secure sockets layer (SSL) Certificate Authority. It uses firewall-protected servers and encryption technology (128-bit SSL).

Authentication with Client Data

In cases where a client grants Nested Knowledge access to data with the explicit requirement of multi-factor or other authentication in order to access the data, we will adhere to the level of authentication required by the client. Where clients upload data to the Nested Knowledge platform or to any cloud managed by Nested Knowledge without explicit requirement, we will adhere to the level of authentication outlined in this policy.

Cloud Based Applications

Our most sensitive systems, namely our production cloud resources, require MFA. We require physical token or authenticator app-based MFA in these environments, and compliance is monitored in an ongoing, automatic manner and additionally via manual quarterly audit.

Application MFA Policy

Multi-factor authentication has not been implemented for Nested Knowledge’s client-facing software product when using username/password (U/P) sign-in. To gain MFA, users are encouraged to leverage SSO (an Enterprise feature) or Google Sign In (available to all tiers).

Revision History

| Author | Date of Revision/Review | Comments |
|---|---|---|
| K. Cowie | 10/25/2024 | Revised |
| K. Cowie | 11/24/2021, 10/06/2023 | In progress. |
| K. Holub | 12/12/2025 | Reviewed and Updated for current practices |
| K. Kallmes | 11/26/2021 | Draft approved |

Updated on December 12, 2025