Best practices

NSA, CISA Publish Guide to Strengthen Identity, Access Management

A working group led by the National Security Agency and the Cybersecurity and Infrastructure Security Agency has developed and published an identity and access management guide to help system administrators enhance their defenses against malicious cyber actors using legitimate credentials to access critical data and systems.

Administrators are encouraged to adopt best practices, including deploying identity governance solutions, hardening the enterprise environment and employing multifactor authentication, the NSA said.

The “Recommended Best Practices Guide for Administrators” guide, developed with Enduring Security Framework partners, identifies the techniques bad actors frequently use. According to the paper, such actors create new accounts to maintain persistence, assume control of former employee accounts that were not suspended upon termination and exploit vulnerabilities to forge authentication assertions.

Alan Laing, NSA lead for the IAM working group, said strengthening IAM will help organizations detect and prevent cyber actors from accessing systems and data using legitimate credentials.

According to CISA and NSA, in the 2021 ransomware attack on Colonial Pipeline, a leaked password, an inactive VPN account and a lack of multifactor authentication were to blame for the attack.

In 2022, the Verizon Data Breach Investigation Report stated that 80 percent of web application attacks used stolen credentials.