| The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and Enduring Security Framework (ESF) partners released New Guidance on Identity and Access Management to enable developers and integrators to refine their existing tools to address the gaps with achieving secure identity and access management (IAM) and, if necessary, develop new tools to address the challenges for their IAM products and solutions. IAM is a framework of business processes, policies, and technologies that facilitate the management of digital identities. It ensures that users only gain access to data when they have the appropriate credentials. The new guidance identifies the adoption and secure employment of multi-factor authentication (MFA) and single sign-on (SSO) technologies as a key developer and vendor challenge that has been difficult to meet with the technology that is currently available. IAM solutions must enable an organization’s staff to differentiate between authorized users performing the organization’s mission and unauthorized entities attempting to access the infrastructure while also supporting a prompt and effective response to indicators of compromise. Successful implementation of secure IAM capabilities, to include MFA and SSO, depends on the vendor community to provide solutions to achieve secure outcomes. For interoperability to be effective, the community must work together to provide IAM solutions that will enable successful and secure outcomes. |