{"id":4687,"date":"2024-08-02T09:00:00","date_gmt":"2024-08-02T14:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/cybersecurity-operations\/implementing-identity-continuity-with-nist-cybersecurity-framework"},"modified":"2024-08-02T09:00:00","modified_gmt":"2024-08-02T14:00:00","slug":"implementing-identity-continuity-with-the-nist-cybersecurity-framework","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/02\/implementing-identity-continuity-with-the-nist-cybersecurity-framework\/","title":{"rendered":"Implementing Identity Continuity With the NIST Cybersecurity Framework"},"content":{"rendered":"
<\/a><\/div>\n
<\/div>\n

COMMENTARY<\/span><\/span>
In the modern enterprise, where IT infrastructure, applications, and data are spread across multiple <\/span>clouds<\/a><\/span>, hybrid clouds, and on-premises data centers, <\/span>identity<\/a><\/span> ensures that the right individuals have access to the right resources at the right times. In many ways, identity is now on par with electricity when it comes to business continuity. Without it, business operations grind to a standstill. <\/span><\/p>\n

Just as most businesses have backup power sources so they can continue to operate when their electric utility goes down, organizations should implement an identity continuity plan to maintain the availability of critical IT systems if their primary identity provider (IDP) is offline. Having a failover plan is more critical than ever, since many organizations now rely on cloud-based IDPs that are vulnerable to outages for a host of reasons, including provider outages, natural disasters, loss of Internet connectivity, and more. <\/span><\/p>\n

When developing an identity continuity strategy, the <\/span>NIST Cybersecurity Framework<\/a><\/span> can serve as a valuable model to follow. Designed to help organizations manage and mitigate cybersecurity risks, it consists of five core functions: Identify, Protect, Detect, Respond, and Recover. Each function plays a pivotal role in forming a robust identity continuity plan. Here\u2019s how to map an identity continuity plan to the <\/span>NIST Cybersecurity Framework<\/a><\/span>. <\/span><\/p>\n

Identify<\/h2>\n

Inventory Applications, Policies, and Identities<\/h3>\n

The initial step in creating an identity continuity plan involves cataloging all applications, policies, and identities within the organization. This inventory should distinguish between different user groups, such as customers and employees, to address their specific access requirements effectively.<\/span><\/p>\n

This process should include detailing interdependencies and criticalities to ensure comprehensive coverage. Classifying these resources based on their criticality and the potential impact of downtime helps prioritize efforts. For instance:<\/span><\/p>\n

\n