# Identity and Access Management
Identity and Access Management is a [[Foundational Capabilities|L0 or Top Level]] capability that [[Cybersecurity]] capabilities directly depend on. Organizations that are early in their Digital Transformation journey or Product Development lifecycle commonly delegate this capability to the owners of other top-level capabilities.
## Map
``` mermaid <!-- element style="width:90%; height:auto" -->
graph TD
subgraph two[Foundational]
subgraph subPadding1[ ]
direction LR
F[Application Management]
G[Asset Management]
H[Backup and Recovery]
I[Code Management]
J[Data Management]
K[Device Management]
L[Domain Management]
M[Email Management]
N[Identity and Access Management]
O[Log Management]
P[Network Management]
Q[Policy Automation]
R[Stream Processing]
S[Third Party Management]
T[Training]
F ~~~ G
G ~~~ H
H ~~~ I
I ~~~ J
K ~~~ L
L ~~~ M
M ~~~ N
N ~~~ O
P ~~~ Q
Q ~~~ R
R ~~~ S
S ~~~ T
end
end
%% Class Definitions
%% =====================
class two subPadding;
classDef subPadding fill:none,font-size:20px;
class subPadding1,subPadding2 subgraph_padding;
classDef subgraph_padding stroke:none,fill:none,margin:0;
class F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T internal-link,font-color:white;
class Top cssClassL0;
classDef cssClassL0 fill:black,stroke:#333,stroke-width:4px,font-size:15px,font-color:white;
class A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T cssClassL1;
classDef cssClassL1 fill:gray,stroke:#333,stroke-width:0px,font-size:15px,font-color:white;
class N cssClassCurrent;
classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white;
```
## Maturity Model
| | Stage 1 | Stage 2 | Stage 3 | Stage 4 | Stage 5 |
| ------------- | ------------------- | ------- | ----------------------- | ------- | ------- |
| **Category** | User Authentication | | Inventory of Identities | | |
| **Dependent** | | | [[Persona Management]] | | |
## Requirements
| Category | Guidance | Dependent Capability | Adversary Persona |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | ------------------------------------------------ |
| **Biometrics Management** | + Establish and maintain a secure biometrics repository or partner service with appropriate safeguards. | | [[Credential Theft]] |
| Credential Management | | | [[Credential Theft]] |
| Certificate Management | | | [[Credential Theft]] |
| Device Identification | | | [[Credential Theft]]<br>[[Insider Threat]] |
| **Inventory of Identities** | + Establish and maintain an identity repository supporting entities that require identity verification, such as: workforce, external users, applications, and devices. | [[Persona Management]] | [[Credential Theft]]<br><br>[[Insider Threat]] |
| User Identification | | | [[Credential Theft]] |
| Role-based Access | | | [[Insider Threat]] |
| User Authentication | + Implement Adversary Resistant Authentication for Sensitive Workloads. | | [[Account Takeover]]<br><br>[[Credential Theft]] |
| Privileged Access Management | | | [[Insider Threat]] |
| Identity Federation | | | [[Credential Theft]] |
| Conditional Access | | | [[Credential Theft]]<br>[[Insider Threat]] |
## Metrics
>[!cm-metric] Metric: [[Time Saved Per User Login]]
Ratio of Account Takeover vs. Total Password Reset Requests
## Inspiration & Resources
+
## Release Notes
+ [[WIP - Q3 2024 Release#Document Foundational Capabilities and Develop Templates for sub-pages]]
[Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.