CISA and NSA Release New Guidance on Identity and Access Management

Cybersecurity and Infrastructure Security Agency sent this bulletin at 10/04/2023 02:42 PM EDT

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

10/04/2023 08:00 AM EDT

Today, CISA and the National Security Agency (NSA) published Identity and Access Management: Developer and Vendor Challenges, authored by the Enduring Security Framework (ESF), a CISA- and NSA-led working panel that includes a public-private cross-sector partnership. ESF aims to address risks that threaten critical infrastructure and national security systems.

This publication, which follows ESF's Identity and Access Management Recommended Best Practices Guide for Administrators, assesses and addresses challenges developers and technology manufacturers face in identity and access management (IAM). The guidance specifically addresses technology gaps that limit the adoption and secure employment of multifactor authentication (MFA) and single sign-on (SSO) technologies within organizations.

Although the publication primarily addresses challenges facing large organizations, it also provides recommendations applicable to smaller organizations. CISA encourages cybersecurity defenders to review this guidance and to speak to their software vendors about implementing its recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.

Having trouble viewing this message? View it as a webpage.

You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency (CISA)
Manage Subscriptions | Privacy Policy | Help

Connect with CISA:
Facebook | Twitter | Instagram | LinkedIn | YouTube