|
5.0 Access Control and Identity Management
- RADIUS
- TACACS+
- Kerberos
- LDAP
- XTACACS
- SAML
- Secure LDAP
- Identification vs. authentication vs. authorization
- Authorization
- Least privilege
- Separation of duties
- ACLs
- Mandatory access control
- Discretionary access control
- Rule-based access control
- Role-based access control
- Time of day restrictions
- Authentication
- Tokens
- Common access card
- Smart card
- Multifactor authentication
- TOTP
- HOTP
- CHAP
- PAP
- Single sign-on
- Access control
- Implicit deny
- Trusted OS
- Authentication factors
- Something you are
- Something you have
- Something you know
- Somewhere you are
- Something you do
- Identification
- Biometrics
- Personal identification verification card
- Username
- Federation
- Transitive trust/authentication
- Mitigates issues associated with users with multiple account/roles and/or shared accounts
- Account policy enforcement
- Credential management
- Group policy
- Password complexity
- Expiration
- Recovery
- Disablement
- Lockout
- Password history
- Password reuse
- Password length
- Generic account prohibition
- Group based privileges
- User assigned privileges
- User access reviews
- Continuous monitoring
|
|
|