An Identity and Access Management (IAM) system’s purpose is to control the framework and facilitate electronic identities, specifically procedures of identity management. Identity and Access Management technology can be used to ensure that services are managed, authorized, and audited properly within an organization. Use the template to create your own Identity and Access Management Policy to ensure the appropriate use and security of users’ credentials and that the systems they affect are covered. This policy defines what the enterprise must do, how the enterprise must do it, and it includes the best recommendations to customize the template to individual enterprise requirements.
Risks Addressed by Policy:
- Without active account management, the potential exists that legitimate users can use these accounts for illegitimate purposes.
- Without authorization, identification, and authentication controls, the potential exists that information systems could be accessed illicitly and that the security of those information systems can be compromised.
- Lack of or poor control of identity and access management could potentially pose significant risks both inside and outside the organization within the overall security of the company.