[CDP-development] CISA & NSA Publish ESF Guidance on Identity and Access Management

Masse, Theresa theresa.masse at cisa.dhs.gov
Tue Mar 21 15:44:11 PDT 2023 

FYSA

As part of the Enduring Security Framework (ESF), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) published the Recommended Best Practices Guide for Administrators<https://media.defense.gov/2023/Mar/21/2003183448/-1/-1/0/ESF%20IDENTITY%20AND%20ACCESS%20MANAGEMENT%20RECOMMENDED%20BEST%20PRACTICES%20FOR%20ADMINISTRATORS%20PP-23-0248_508C.PDF> to provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM).

IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities. It ensures that users only gain access to data when they have the appropriate credentials. The paper provides best practices and mitigations to counter threats to IAM related to the following five topics:

  *   Identity Governance
  *   Environmental Hardening
  *   Identity Federation/Single Sign-On
  *   Multifactor Authentication
  *   IAM auditing and monitoring

This release is accompanied by an Identity and Access Management Educational Aid<https://media.defense.gov/2023/Mar/21/2003183450/-1/-1/0/IDENTITY%20AND%20ACCESS%20MANAGEMENT%20EDUCATIONAL%20AID.PDF> to support organizational technical leaders in explaining to decision makers the benefits of a robust IAM program and the associated risks of not implementing one.

This guidance was developed and published by a CISA and NSA led working panel with ESF, a public-private cross-sector partnership that aims to address risks that threaten critical infrastructure and national security systems.

Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image002.png at 01D95C0B.EB7131C0]


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230321/6916d50e/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230321/6916d50e/attachment-0001.png>

More information about the CDP-development mailing list