Enforce Identity & Access Management (IAM) for Every User & System

This standard mandates the enforcement of Identity & Access Management (IAM) for every user and system to ensure strict authentication and authorisation controls.

1. Enforce Identity & Access Management (IAM) for Every User & System:

Ensure strict authentication and authorisation controls. This approach ensures that only authorised users and systems can access resources.

• 1.1 Multi-Factor Authentication (MFA):
  • 1.1.1 User and Privileged Accounts:
    • Implement Multi-Factor Authentication (MFA) for all users, including privileged accounts.
    • Automate the enforcement of MFA.
  • 1.1.2 MFA Management:
    • Automate the tracking of MFA usage.
    • Implement MFA tutorials.
• 1.2 Role-Based and Attribute-Based Access Control (RBAC/ABAC):
  • 1.2.1 Access Control Implementation:
    • Use role-based access control (RBAC) and attribute-based access control (ABAC).
    • Automate the configuration of RBAC/ABAC rules.
  • 1.2.2 Rule Management:
    • Automate the tracking of RBAC/ABAC rule implementations.
    • Implement rule feedback collection.
• 1.3 Permission Review and Revocation:
  • 1.3.1 Unused Permission Management:
    • Continuously review and revoke unused or excessive permissions.
    • Automate the review of user permissions.
  • 1.3.2 Revocation Management:
    • Automate the revocation of unused permissions.
    • Implement revocation tutorials.

By enforcing IAM, organisations can ensure strict authentication and authorisation.

---