Yes. The 2023 amendments require MFA for all remote access to the covered entity's information systems and for all privileged accounts. Exceptions are available only where the CISO documents that alternative controls provide equivalent security, but MFA is the standard requirement. Class A companies face stricter MFA implementation timelines.
Keep Exploring
References