In the recent past CSA has defined the categories of security services that can be offered as Security as a Service. The functionalities listed in each category as part of the category definition is looked into in detail. The implementation guidance series tries to define the best practices in the design, development, assessment and implementation of these service categories.
The implementation guidance on the Identity and Access Management provides direction for the enterprise security stakeholders responsible for ensuring the security of IAM solutions in a corporate IT environment
In this guidance, detailed discussions on the following areas are included:
- Centralized Directory Services
- Access Management Services
- Identity Management Services
- Identity Federation Services
- Role-Based Access Control Services
- User Access Certification Services
- Privileged User and Access Management
- Separation of Duties Services
- Identity and Access Reporting Services
The full IAM implementation guidance is available here.
Image Source: CSA Guidance