CISA and NSA Release New Guidance on Identity and Access Management

CISA and the National Security Agency (NSA) have published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. This publication, which follows ESF’s Identity and Access Management Recommended Best Practices Guide for Administrators, assesses and addresses challenges developers and technology manufacturers face in identity and access management (IAM).

The guidance specifically addresses technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations. Although the publication primarily addresses challenges facing large organizations, it also provides recommendations applicable to smaller organizations.

IAM is a complex topic that is a key component of network defense and, when IAM processes break down, organizations and accounts are left vulnerable. Both CISA and WaterISAC encourage cybersecurity defenders to review this guidance and to speak to their software vendors about implementing its recommendations. Read more at CISA.