The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have released best practices for security leaders concerned with access management. The practices are designed to help security leaders to better protect their identity and access management (IAM) systems as part of the Enduring Security Framework (ESF).

IAM is a framework of business processes, policies and technologies that facilitates the management of digital identities and ensures that users only gain access to data when they have the appropriate credentials. The recommendations cover practices including:

  • Identity governance
  • Environmental hardening
  • Identity federation/single sign-on
  • Multifactor authentication
  • IAM auditing and monitoring

Gregory Webb, CEO of AppViewX, says that "the release of these new best practices for identity and access management coming on the heels of the National Cybersecurity Strategy from the Biden-Harris Administration shows the increase in urgency for organizations to deploy a holistic approach to identity governance. With the focus on cloud migrations and digital transformations, machine identities now considerably outnumber human identities in many organizations, which leads to significant cybersecurity blind spots and business risk."

"CISA and NSA’s guidance for identity and access management (IAM) comes at a pivotal time as organizations struggle to implement best practices to better thwart IAM failures and compromises." — Murali Palanisamy, Chief Solutions Officer at AppViewX.