CISA, NSA Issue New IAM Best Practice Guidelines


The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators


As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today’s world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented and managed effectively. 


Identity-Related Tactics Used by Threat Actors


The CISA and NSA report highlighted real-world examples to illustrate the type and severity of threats targeting IAM. For example, CISA Alert (AA21-321A) revealed that advanced persistent threat (APT) actors sponsored by the Iranian government are actively exploiting IAM vulnerabilities. The alert showed how attackers can compromise credentials, escalate privileges and create new user accounts on critical infrastructure components across various sectors in the United States. 


These vulnerabilities allowed actors to gain access to domain controllers, servers, workstations and directories responsible for authenticating and authorizing users and devices. With this level of access, APT actors could conduct follow-on operations like data exfiltration, encryption, ransomware and extortion.


Moreover, cyber groups are increasingly targeting Single Sign-On (SSO) technology, a critical component of IAM. By exploiting SSO functions, actors can potentially bypass traditional access controls and gain access to a broad range of resources across the organization.


IAM Threat Mitigation Techniques


The best practices discussed in the CISA-NSA report revolved around tactics that ..

Support the originator by clicking the read the rest link below.