Identity Management, Authentication, and Access Control (PR.AA)
In this control family, we will cover how identities are created and managed and how to prove that an identity matches the person using it. Identities are not necessarily bound to a person; they can also be system-based. We must ensure that each identity is unique and that only one entity is assigned to each identity.
PR.AA-01
There are several ways to manage your users’ credentials. Most organizations utilize a system that provides an identity store. The identity store contains usernames, passwords, groups, and other security-related information. That identity store then works with the Lightweight Directory Access Protocol (LDAP) so that it can communicate in a standard way with downstream systems.
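An added example (not from the original text) of auditing an identity-store export against the two requirements stated above: each identity is unique, and only one entity is assigned to each identity. The LDIF-style sample, the convention that every account carries exactly one `owner` value, and the function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export (LDIF-style) from a hypothetical identity store.
SAMPLE_LDIF = """\
dn: uid=jsmith,ou=people,dc=example,dc=com
uid: jsmith
uidNumber: 1001
owner: employee-4411

dn: uid=JSmith,ou=contractors,dc=example,dc=com
uid: JSmith
uidNumber: 1002
owner: contractor-0092

dn: uid=svc-backup,ou=services,dc=example,dc=com
uid: svc-backup
uidNumber: 1003
owner: team-infra
owner: team-dba

dn: uid=akhan,ou=people,dc=example,dc=com
uid: akhan
uidNumber: 1001
owner: employee-5120
"""

def parse_ldif(text):
    """Yield one dict of attribute -> list of values per record."""
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        # Unfold continuation lines (a newline followed by one space).
        for line in block.replace("\n ", "").splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry[attr.strip().lower()].append(value.strip())
        yield entry

def audit(text):
    """Return (identifiers shared by several entries, entries without exactly one owner)."""
    seen, bad_owner = defaultdict(list), []
    for e in parse_ldif(text):
        dn = e["dn"][0]
        for attr in ("uid", "uidnumber"):
            for v in e[attr]:
                seen[(attr, v.lower())].append(dn)  # uid matching is case-insensitive
        if len(set(e["owner"])) != 1:  # assumed rule: one accountable entity per identity
            bad_owner.append(dn)
    return {k: dns for k, dns in seen.items() if len(dns) > 1}, bad_owner
```

On the constructed sample, `audit(SAMPLE_LDIF)` reports the `jsmith`/`JSmith` collision, the reused `uidNumber` 1001, and the service account with two owners.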
There are several different types of credentials. There...