Published 20 Nov 2025

No MFA… And No Password!

I was recently on a CMMC assessment where the company had an Ubuntu machine. I asked them to log on and show me if multifactor authentication (MFA) was enabled.

They did. Everything looked good.

Then, I asked them to run an administrative command – one that should require superuser privileges, like looking at log files. They typed:

sudo tail -20 /var/log/syslog

Guess what?

No password prompt. No MFA challenge. Straight to root access.

This is a common issue with Linux machines, especially when MFA is configured only for the initial login but not for privilege escalation.

Under CMMC, running administrative functions must require MFA, whether they’re run locally or remotely.

So do not assume that your Linux boxes are compliant. Make sure that superuser access is protected with both a password and MFA.
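
One way to check a host for this gap, as an added example that is not from the original post: sudo skips its prompt when a sudoers rule carries NOPASSWD or !authenticate, and it only asks for a second factor if the sudo PAM stack loads an MFA module. The function names and the list of MFA modules are assumptions made for this example; adjust the list to the product you actually deploy.

```shell
#!/bin/sh
# Added example: audit whether sudo can be used without a password or MFA.
# Assumption: MFA comes from one of these PAM modules; edit for your product.
MFA_MODULES='pam_google_authenticator|pam_duo|pam_u2f|pam_oath|pam_yubico'

# Print active (uncommented) sudoers lines that switch authentication off.
# Succeeds only when at least one such line exists.
find_auth_bypass() {
    hits=$(grep -HnE '^[^#]*(NOPASSWD[[:space:]]*:|![[:space:]]*authenticate)' \
        "$@" 2>/dev/null || true)
    [ -n "$hits" ] && printf '%s\n' "$hits"
}

# Succeed if the PAM service $2 under directory $1, or any file it includes,
# has an active auth line that loads an MFA module. Body runs in a subshell.
pam_has_mfa() (
    f="$1/$2"
    [ -r "$f" ] || exit 1
    grep -qE "^[[:space:]]*auth[[:space:]].*(${MFA_MODULES})\.so" "$f" && exit 0
    for inc in $(awk '$1 == "@include" { print $2 }
                      $1 == "auth" && ($2 == "include" || $2 == "substack") { print $3 }' "$f")
    do
        pam_has_mfa "$1" "$inc" && exit 0
    done
    exit 1
)

# $1 = sudoers file, $2 = sudoers.d directory, $3 = pam.d directory
audit_sudo() {
    rc=0
    if find_auth_bypass "$1" "$2"/*; then
        echo "FAIL: the sudoers lines above let sudo run without authentication"
        rc=1
    fi
    if ! pam_has_mfa "$3" sudo; then
        echo "FAIL: no MFA module in the sudo PAM stack"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS: no sudoers bypass; MFA module in the sudo PAM stack"
    return "$rc"
}

# Run as root against the live system: sh audit_sudo.sh --system
if [ "${1:-}" = "--system" ]; then
    audit_sudo /etc/sudoers /etc/sudoers.d /etc/pam.d
fi
```

Files the script cannot read are skipped silently, so run it as root. To confirm the result by hand, run `sudo -k` to clear any cached sudo credentials and then repeat the command from the assessment.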

Brenda Harper
Content Writer