As part of the Enduring Security Framework (ESF), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) has released Identity and Access Management Recommended Best Practices Guide for Administrators. These recommended best practices provide system administrators with actionable recommendations to better secure their systems from threats to identity and access management (IAM).
The paper provides recommended best practices and mitigations to counter threats to IAM related to:
- Identity governance
- Environmental hardening
- Identity federation/single sign-on
- Multifactor authentication
- IAM auditing and monitoring.
Read the guidance (PDF).