Identity and Access Management
A secure cloud service offering will protect user data, control access, and apply zero trust principles.
Automating Account Management
KSI-IAM-AAM
Former ID: KSI-IAM-07
Changelog:
- 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Securely manage the lifecycle and privileges of all accounts, roles, and groups, using automation.
Related SP 800-53 Controls: AC-2.2, AC-2.3, AC-2.13, AC-6.7, IA-4.4, IA-12, IA-12.2, IA-12.3, IA-12.5
Adopting Passwordless Methods
KSI-IAM-APM
Former ID: KSI-IAM-02
Changelog:
- 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Use secure passwordless methods for user authentication and authorization when feasible, otherwise enforce strong passwords with MFA for authentication.
Related SP 800-53 Controls: AC-2, AC-3, IA-2.1, IA-2.2, IA-2.8, IA-5.1, IA-5.2, IA-5.6, IA-6
Ensuring Least Privilege
KSI-IAM-ELP
Former ID: KSI-IAM-05
Changelog:
- 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Persistently ensure that identity and access management employs measures to ensure each user or device can only access the resources they need.
Related SP 800-53 Controls: AC-2.5, AC-2.6, AC-3, AC-4, AC-6, AC-12, AC-14, AC-17, AC-17.1, AC-17.2, AC-17.3, AC-20, AC-20.1, CM-2.7, CM-9, IA-2, IA-3, IA-4, IA-4.4, IA-5.2, IA-5.6, IA-11, PS-2, PS-3, PS-4, PS-5, PS-6, SC-4, SC-20, SC-21, SC-22, SC-23, SC-39, SI-3
Terms: Persistently
Authorizing Just-in-Time
KSI-IAM-JIT
Former ID: KSI-IAM-04
Changelog:
- 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Use a least-privileged, role and attribute-based, and just-in-time security authorization model for all user and non-user accounts and services.
Related SP 800-53 Controls: AC-2, AC-2.1, AC-2.2, AC-2.3, AC-2.4, AC-2.6, AC-3, AC-4, AC-5, AC-6, AC-6.1, AC-6.2, AC-6.5, AC-6.7, AC-6.9, AC-6.10, AC-7, AC-20.1, AC-17, AU-9.4, CM-5, CM-7, CM-7.2, CM-7.5, CM-9, IA-4, IA-4.4, IA-7, PS-2, PS-3, PS-4, PS-5, PS-6, PS-9, RA-5.5, SC-2, SC-23, SC-39
Enforcing Phishing-Resistant MFA
KSI-IAM-MFA
Former ID: KSI-IAM-01
Changelog:
- 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Enforce multi-factor authentication (MFA) using methods that are difficult to intercept or impersonate (phishing-resistant MFA) for all user authentication.
Related SP 800-53 Controls: AC-2, IA-2, IA-2.1, IA-2.2, IA-2.8, IA-5, IA-8, SC-23
Securing Non-User Authentication
KSI-IAM-SNU
Former ID: KSI-IAM-03
Changelog:
- 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.
Enforce appropriately secure authentication methods for non-user accounts and services.
Related SP 800-53 Controls: AC-2, AC-2.2, AC-4, AC-6.5, IA-3, IA-5.2, RA-5.5
Responding to Suspicious Activity
KSI-IAM-SUS
Former ID: KSI-IAM-06
Changelog:
- 2026-02-04: Removed italics and changed the ID as part of new standardization in v0.9.0-beta; no material changes.