CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management

As part of the Enduring Security Framework (ESF), CISA and the National Security Agency (NSA) have released Identity and Access Management Recommended Best Practices Guide for Administrators. These recommended best practices provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM).

IAM—a framework of business processes, policies, and technologies that facilitate the management of digital identities—ensures that users only gain access to data when they have the appropriate credentials. This paper provides recommended best practices and mitigations to counter threats to IAM related to:

Identity governance
Environmental hardening
Identity federation/single sign-on
Multifactor authentication
IAM auditing and monitoring

ESF is a CISA- and NSA-led working panel that includes a public-private cross-sector partnership, which aims to address risks that threaten critical infrastructure and national security systems.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management

Please share your thoughts

CISA Releases Three Industrial Control Systems Advisories

CISA and Partners Release Advisory on Akira Ransomware

Oracle Releases Critical Patch Update Advisory for April 2024

CISA Releases Four Industrial Control Systems Advisories

CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management

Please share your thoughts

Related Advisories

CISA Releases Three Industrial Control Systems Advisories

CISA and Partners Release Advisory on Akira Ransomware

Oracle Releases Critical Patch Update Advisory for April 2024

CISA Releases Four Industrial Control Systems Advisories