Systems
|
13
|
|
5.1.3
|
Devices
|
13
|
|
5.1.4
|
Facilities
|
13
|
|
5.1.5
|
Applications
|
13
|
|
5.2
|
Manage identification and authentication of people, devices, and services
|
13
|
|
5.2.1
|
Identity Management (IdM) implementation
|
13
|
|
5.2.2
|
Single/multi-factor authentication (MFA)
|
13
|
|
5.2.3
|
Accountability
|
13
|
|
5.2.4
|
Session management
|
13
|
|
5.2.5
|
Registration, proofing, and establishment of identity
|
13
|
|
5.2.6
|
Federated Identity Management (FIM)
|
13
|
|
5.2.7
|
Credential management systems
|
13
|
|
5.2.8
|
Single Sign On (SSO)
|
13
|
|
5.2.9
|
Just-In-Time (JIT)
|
13
|
|
5.3
|
Federated identity with a third-party service
|
13
|
|
5.3.1
|
On-premise
|
13
|
|
5.3.2
|
Cloud
|
13
|
|
5.3.3
|
Hybrid
|
13
|
|
5.4
|
Implement and manage authorization mechanisms
|
14
|
|
5.4.1
|
Role Based Access Control (RBAC)
|
14
|
|
5.4.2
|
Rule based access control
|
14
|
|
5.4.3
|
Mandatory Access Control (MAC)
|
14
|
|
5.4.4
|
Discretionary Access Control (DAC)
|
14
|
|
5.4.5
|
Attribute Based Access Control (ABAC)
|
14
|
|
5.4.6
|
Risk based access control
|
14
|
|
5.5
|
Manage the identity and access provisioning lifecycle
|
13, 14
|
|
5.5.1
|
Account access review (e.g., user, system, service)
|
13
|
|
5.5.2
|
Provisioning and deprovisioning (e.g., on/off boarding and transfers)
|
13
|
|
5.5.3
|
Role definition (e.g., people assigned to new roles)
|
13
|
|
5.5.4
|
Privilege escalation (e.g., managed service accounts, use of sudo, minimizing its use)
|
14
|
|
5.6
|
Implement authentication systems
|
14
|
|
5.6.1
|
OpenID Connect (OIDC)/Open Authorization (Oauth)
|
14
|
