Connect with us

Hi, what are you looking for?


Identity & Access

CISA, NSA Issue Guidance for IAM Administrators

New CISA and NSA guidance includes recommended best practices for identity and access management (IAM) administrators.

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) this week announced new guidance for identity and access management (IAM) administrators.

A framework for the management of digital identities, IAM covers the business processes, policies, and technologies that ensure user access to data.

The basis for proper IAM involves inventorying, auditing, and tracking user identities and access, which represent daunting but necessary operations, especially with state-sponsored groups successfully exploiting vulnerabilities in IAM products and implementations, CISA and the NSA point out.

According to Verizon’s 2022 Data Breach Investigation Report, stolen credentials have been used in most of the observed web application attacks, as well as in nearly half of reported data breaches.

With advanced persistent threat (APT) actors finding critical infrastructure an appealing target, organizations in this sector “have a particular responsibility to implement, maintain, and monitor secure IAM solutions and processes to protect not only their own business functions and information but also the organizations and individuals with whom they interact,” the new guidance reads (PDF).

CISA and the NSA point out that IAM solutions should be managed, patched, and updated as any other software, to prevent vulnerability exploitation that could lead to the compromise of multiple systems and data.

“Securing IAM infrastructure is critical. Ultimately, the goal is that organizations proactively take the appropriate action to protect against an attack rather than be in the position of deploying fundamental IAM capabilities far too late,” the guidance reads.

Advertisement. Scroll to continue reading.

The document provides recommendations on mitigating threat actor techniques such as the creation of new accounts, taking over accounts of former employees, vulnerability exploitation, the creation of alternative access points, exploitation of users, the compromise of passwords, accessing systems and exploiting stored credentials, exploiting default passwords, and downgrading encryption.

The guidance also includes recommended best practices for identity governance, environmental hardening, identity federation and single sign-on (SSO), multi-factor authentication (MFA), and IAM monitoring and auditing.

These recommendations cover the creation, transition, and termination of user accounts; the hardening of on-site and cloud-hosted IAM systems; network hardening; backup creation; the implementation of least privilege principles and network segmentation; the assessment of network security; the management and security of critical IAM assets; the internal management of identities; MFA implementation; and what IAM auditing and monitoring involve.

“IAM weaknesses are frequently exploited in the most insidious threats, APTs, which have led to catastrophic data breaches. The use of SSO without a good MFA foundation and secure design selections, exacerbates the damage of attacks that an organization may be vulnerable to such as password cracking and authenticator hijacking,” CISA and the NSA note.

Related: CISA Seeks Public Opinion on Cloud Application Security Guidance

Related: NSA Shares Guidance on Maturing ICAM Capabilities for Zero Trust

Related: NSA Publishes Security Guidance for Organizations Transitioning to IPv6

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Identity & Access

NSA publishes recommendations on maturing identity, credential, and access management capabilities to improve cyberthreat protections.