Skip to main content
Join Our Mailing List
Preschool Students Working With Female Teacher
Programs and Services » Tech20 » Race4Fifteen » Lap 15 Identity and Access Management (IAM)

Lap 15 Identity and Access Management (IAM)

Description: Identity and Access Management (IAM) is a framework of technologies and policies that control user access to systems, applications, and data by enforcing the principle of least privilege, and implementing multi-factor authentication (MFA) to enhance authentication security. It ensures that the right individuals or machines have the correct access to resources at the right time, while preventing unauthorized access. Standardize password for device and not using easily guessed, password management.

 

Why it Matters:

    • Enhances security: Protects sensitive data and systems by preventing unauthorized access, which can help prevent cyberattacks like ransomware and phishing.
    • Boosts productivity: Streamlines access, for example, by allowing employees to use single sign-on (SSO) to access multiple applications with one set of credentials.
    • Simplifies administration: Automates tasks like provisioning and deprovisioning users, which saves time for IT staff.
 

Main Points:

    • Manages digital identities: Assigns a unique digital identity to each user and monitors it.
    • Authenticates users: Verifies that a user is who they claim to be, often using methods like multi-factor authentication (MFA).
    • Authorizes access: Grants or denies access to specific resources based on the user's role or permissions.
    • Provides control: Gives administrators the ability to manage user roles, permissions, and access levels across various systems, both on-premises and in the cloud.
    • Ensures compliance: Helps organizations comply with regulations regarding data access and privacy.
 

Actions to Take:

    • Enable multi-factor authentication (MFA) to help ensure the validation of a user’s identity.
    • Enforce a strong password policy to defend against common cyberattacks and protect sensitive data.
    • Implement the “Principle of Least Privilege”, a foundational access control practice that helps limit user permissions strictly to what is essential for their role.
    • Following a zero-trust framework helps by enforcing strict identity verification prior to authorization of resource access. 
 

Related Resources:

 

Cybersecurity Security Plan Controls:

Texas Cybersecurity Framework: IA AC

NIST Cybersecurity Framework:

Center for Internet Security (CIS) v8: C5

CISA Cybersecurity Performance Goal (CPGs): 2.C, 2.E

K12six Essentials Cybersecurity Protection: 1.1

 TEA cyber initiative: FY26 Looking ahead