Hello, Guest.!
/

NSA, CISA Recommend Identity & Access Management Best Practices Via New Document

1 min read
NSA, CISA Recommend Identity & Access Management Best Practices Via New Document

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have developed a document as part of the Enduring Security Framework to provide system administrators with recommended best practices related to identity and access management.

Alan Laing, NSA lead for the IAM working group, said in a statement published Tuesday that rigorous IAM enables organizations to detect and prevent malicious cyber actors from gaining access to data of national importance and corrupting critical systems.

The document provides IAM-related threat mitigation techniques organizations should implement. These are identity governance, environmental hardening, identity federation and single sign-on, multifactor authentication and IAM monitoring and auditing.

The paper, for instance, defines identity governance as a process that allows an organization to gain better visibility into access privileges and identities and is comprised of policies that cover role management, access review, reporting, analytics, logging and segregation of duties.

According to the document, phishing, insider threats and creation of accounts to maintain persistence are some of the IAM threats that identity governance can help mitigate.

“IAM is a critical part of every organization’s security posture, and we must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions,” said Grant Dasher, office of the technical director for cybersecurity at CISA.