FB pixel

NSA and CISA publish identity and access management best practices for US

Categories Access Control  |  Biometrics News
NSA and CISA publish identity and access management best practices for US
 

Two powerful security agencies of the U.S. government have published best ID and access management practices recommended for system administrators.

The list of actionable pieces of advice were created by the National Security Agency and CISA, the cybersecurity and Infrastructure Security Agency. It is difficult to know how applicable the practices can be to sysadmins elsewhere in the world.

Executives who feel they have a handle on the situation could still benefit from a discussion about IAM monitoring and auditing.

The guideline announcement dives directly into a summary of the Colonial Pipeline attack in 2021, which proved that vigilance and defensive strategies are required now to avoid catastrophic economic and physical damage due to cyberattacks.

Boilerplate IAM could have prevented the Colonial attack, according to the federal government.

“IAM is a critical part of every organization’s security posture,” Grant Dasher, an ID engineer with CISA, says in a statement.

“We must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions,” says Dasher.

The best-practices reference itself was created by the NSA and CISA along with input from a public-private security group known as the Enduring Security Framework.

The guide is broken into discussions about ways to mitigate IAM threats – describing each one and emphasizing its importance.

The topics are ID governance, environmental hardening, ID federation and single sign-on, multi-factor authentication and IAM monitoring and auditing.

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

ACCS announces participants in Australia’s Age Assurance Technology Trial

In keeping with its philosophy of transparency by default in running Australia’s Age Assurance Technology Trial, the Age Check Certification…

 

DPI-as-a-Packaged Solution marks major milestone with Trinidad and Tobago rollout

The first ever implementation of DaaS — DPI-as-a-Packaged Solution — is going live in Trinidad and Tobago in a test…

 

AI agents spark musings on identity, payments and wallets

AI agents continue to attract attention, including in the digital identity industry, which sees an opportunity for innovation. Their importance…

 

Trump deregulation is re-shaping the future of biometric surveillance in policing

The advent of AI has exponentially increased the capabilities of biometric tools such as facial recognition, fingerprint analysis, and voice…

 

World expands Android support for World ID credentials

World’s positive relationship with Malaysia continues, with the launch of Android support for World ID Credentials in the country, following…

 

Sri Lanka national data exchange to connect digital ID and public services

A fully developed foundational ID system, including citizen registration, may take 18 to 24 months for Sri Lanka to implement,…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events