What the NSA’s latest identity and access management guidance means for you
The NSA and CISA have shared actionable guidance for protection against evolving cyber threats to digital identities.
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) recently released a report titled, “Recommended Best Practices for Administrators: Identity and Access Management.”
The report features useful insights into the current cyber threats facing organizations attempting to apply more secure identity and access management.
Let’s take a closer look at the report’s highlights and the steps you can take to implement its recommendations.
There are five key areas of identity and access management
The report, a document released by the Enduring Security Framework public-private partnership, speaks to system administrators. It includes best practices for securing IT systems from cybersecurity threats to identity and access management.
There are five key areas in which the report provides guidance:
- Identity governance
- Environmental hardening
- Single sign-on
- Multifactor authentication
- Identity and access management auditing and monitoring
The report outlines how each capability makes you more secure and what you can do to assess and prepare your system to employ each as a best practice.
Why identity and access management are critical to your organization
Cybersecurity threats to identity and access management are growing more sophisticated every day. If your organization is the victim of a cyberattack, you will want to have the right measures in place to secure your systems.
As the report notes, using security features such as multifactor authentication and single sign-on do not just secure your organization’s systems and assets – they also protect any partners or consumers who may have shared data with you or engaged with your IT systems.
All organizations have a responsibility to themselves and their partners to maintain a well-fortified cybersecurity posture.
Identity and access management actions recommended in the report
Overall, the report makes four broad recommendations:
- Assess your current identity and access management capabilities
- Set up secure solutions in any areas that require improvement
- Uphold the appropriate security level to manage risk once you have implemented your secure solutions
- Stay up to date on current best practices for identity and access management use and risks going forward
You can consult the document for a full inventory of best practices and actions to consider for your identity and access management needs. And if you don’t have time to read the whole thing right now, the report does include an appendix with a quick checklist of actions organizations can take now to improve their identity and access management security posture:
Environmental hardening
- Inventory all IT assets within the organization
- Determine which identities within your organization correspond to each asset
- Identify the security controls you currently have in place
- Develop a “network traffic baseline” to detect any security anomalies
Identity federation/single sign-on
- Assess the ability of your organization’s applications and devices to integrate with a single sign-on solution
- Gauge your single sign-on solution’s ability to collect user information such as user location, device, and behavior
Multifactor authentication
- Identify the right multifactor authentication solution for your organization, then integrate it
- Inventory all multifactor authenticators across your enterprise
- Perform routine tests of your multifactor authentication solution
Identity and access management auditing and monitoring
- Establish baseline activity levels for privileged users
- Monitor general user behavior (i.e., systems accessed, hours worked, remote access patterns)
- Monitor activity across your network for changes in connectivity as well as types of data shared
- Monitor external traffic, taking special note of unusual activities and interactions from unrecognized users or sites
What your organization do today to optimize identity and access management security
Understanding what is needed for optimal security and taking the steps needed to make that a reality are separate endeavors. If you are not well-versed in secure digital identity management, turning these recommendations into your standard operating procedure can be challenging.
To apply these recommendations effectively, you’ll want to partner with a comprehensive digital identity management provider that offers the following solutions in one platform:
- Enterprise single sign-on
- Identity governance
- Multifactor authentication
- Privileged access management