"ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practices for Administrators"

As part of the Enduring Security Framework (ESF), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released the "Recommended Best Practices Guide for Administrators" to provide system administrators with actionable recommendations for protecting their systems from Identity and Access Management (IAM) threats. IAM ensures that users can access data only if they possess the proper credentials. Colonial Pipeline, an oil pipeline system, experienced a major ransomware attack in 2021 that affected the oil/gas distribution system. Many individuals are aware of the attack, but many are unaware that it was caused by a leaked password, an inactive Virtual Private Network (VPN) account, and a lack of multifactor authentication (MFA), which can be summed up as inadequate IAM. The paper provides best practices and mitigations to counter threats to IAM related to identity governance, environmental hardening, identity federation, MFA, and IAM auditing and monitoring. This article continues to discuss the release and purpose of the IAM paper.

NSA reports "ESF Partners, NSA, and CISA Release Identity and Access Management Recommended Best Practices for Administrators"


 

Submitted by Anonymous on