As part of the Enduring Security Framework (ESF), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published the Recommended Best Practices Guide for Administrators to provide system administrators with actionable recommendations to better secure their systems from threats to Identity and Access Management (IAM).
IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities. It ensures that users only gain access to data when they have the appropriate credentials.
In 2021, Colonial Pipeline, a major Southeast oil pipeline system, suffered a major ransomware attack, disrupting the oil/gas distribution system and causing long lines at the gas station and consumer panic. Many people know about the attack and the exploitation of the company for money, but many don’t realize that the attack happened because of a leaked password, an inactive VPN account, and a lack of multifactor authentication – all of which can be summed up as poor IAM.
“Malicious cyber actors attempt to hide their activity by exploiting legitimate credentials, either of authorized personnel or of the systems that act on behalf of legitimate users,” said Alan Laing, NSA lead for the IAM working group. “Rigorous Identity and Access Management allows an organization the ability to detect and thwart these actors’ persistent efforts to corrupt critical systems and access information of national importance.”
The paper provides best practices and mitigations to counter threats to IAM related to the following five topics:
- Identity Governance
- Environmental Hardening
- Identity Federation/Single Sign-On
- Multi-Factor Authentication
- IAM auditing and monitoring
“IAM is a critical part of every organization’s security posture, and we must work collectively with the public and private sector to advance more secure by default and secure by design IAM solutions,” said Grant Dasher, Office of the Technical Director for Cybersecurity, CISA. “The ESF’s best practices guide is a valuable first step to aid critical infrastructure organizations’ efforts to assess and strengthen their IAM solutions and processes. We look forward to further collaborations with our partners to improve the IAM ecosystem and aid organizations in achieving a more resilient posture.”
This release is accompanied by an Identity and Access Management Educational Aid presentation and associated talking points to support organizational technical leaders in explaining to decision makers the benefits of a robust IAM program and the associated risks of not implementing one.
This guidance was developed and published by an NSA and CISA led working panel with ESF, a public-private cross-sector partnership that aims to address risks that threaten critical infrastructure and national security systems.