The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released new guidance on March 21 that offers system administrators best practices for identity and access management (IAM).
CISA and NSA released the IAM guidance as part of the Enduring Security Framework (ESF), a public-private partnership that aims to address risks that threaten critical infrastructure and national security systems.
IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities – ensuring that only users with the appropriate credentials gain access to data.
“IAM is a critical part of every organization’s security posture, and we must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions,” said Grant Dasher, Office of the Technical Director for Cybersecurity, CISA.
“The ESF’s best practices guide is a valuable first step to aid critical infrastructure organizations’ efforts to assess and strengthen their IAM solutions and processes,” he added. “We look forward to further collaborations with our partners to improve the IAM ecosystem and aid organizations in achieving a more resilient posture.”
The guidance’s best practices provide system administrators with actionable recommendations to better secure their systems from IAM threats. Specifically, the guidance offers best practices and mitigations to counter threats related to identity governance, environmental hardening, identity federation/single sign-on, multi-factor authentication (MFA), and IAM auditing and monitoring.
It also offers a checklist of actions organizations can take immediately, such as routinely testing and patching their MFA infrastructure; identifying all the local identities on their assets to know who has access to which assets; and determining whether their single sign-on integration can collect user context during single sign-on logins, including location, device, and behavior.
“Malicious cyber actors attempt to hide their activity by exploiting legitimate credentials, either of authorized personnel or of the systems that act on behalf of legitimate users,” said Alan Laing, NSA lead for the IAM working group. “Rigorous identity and access management allows an organization the ability to detect and thwart these actors’ persistent efforts to corrupt critical systems and access information of national importance.”