United States of America: Published Security Framework Guidance on Identity and Access Management

On 21 March 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released the Security Framework Guidance on Identity and Access Management as part of the Enduring Security Framework (ESF). The Guidance outlines best practices and recommendations designed to assist system administrators in enhancing the security of their systems against threats to Identity and Access Management (IAM). IAM encompasses a framework of business processes, policies, and technologies that facilitate the effective management of digital identities, ensuring that individuals are granted access to data only when they possess the appropriate credentials. In addition to physical users, the Guidance also encompasses service and system accounts, which are crucial for IAM administrators to oversee within their respective organisations effectively.