This is the content of identity and access management of CISSP®
This domain 5 is worth 13 % of the grade to be achieved
Domaine 5 of CISSP®
Content updated according to the new official programme for 2024
| N° | Description |
|---|---|
| 5.1 | Control physical and logical access to assets |
| 5.1.1 | Information |
| 5.1.2 | Systems |
| 5.1.3 | Devices |
| 5.1.4 | Facilities |
| 5.1.5 | Applications |
| 5.2 | Manage identification and authentication of people, devices, and services |
| 5.2.1 | Identity Management (IdM) Implementation |
| 5.2.2 | Single/Multi-Factor Authentication (MFA) |
| 5.2.3 | Accountability |
| 5.2.4 | Session management |
| 5.2.5 | Registration, proofing, and establishment of identity |
| 5.2.6 | Federated Identity Management (FIM) |
| 5.2.7 | Credential management systems |
| 5.2.8 | Single Sign On (SSO) |
| 5.2.9 | Just-In-Time (JIT) |
| 5.3 | Federated identity with a third-party service |
| 5.3.1 | On-premise |
| 5.3.2 | Cloud |
| 5.3.3 | Hybrid |
| 5.4 | Implement and manage authorization mechanisms |
| 5.4.1 | Role Based Access Control (RBAC) |
| 5.4.2 | Rule based access control |
| 5.4.3 | Mandatory Access Control (MAC) |
| 5.4.4 | Discretionary Access Control (DAC) |
| 5.4.5 | Attribute Based Access Control (ABAC) |
| 5.4.6 | Risk based access control |
| 5.5 | Manage the identity and access provisioning lifecycle |
| 5.5.1 | Account Access review (eg, user, system, service) |
| 5.5.2 | Provisioning and deprovisioning (eg, on /off boarding and transfers) |
| 5.5.3 | Role definition (eg, people assigned to new Roles) |
| 5.5.4 | Privilege escalation (eg, managed service accounts, use of sudo, minimizing its use) |
| 5.6 | Implement authentication systems |
| 5.6.1 | OpenID Connect (OIDC)/Open Authorization (Oauth) |
| 5.6.2 | Security Assertion Markup Language (SAML) |
| 5.6.3 | Kerberos |
| 5.6.4 | Remote Authentication Dial-In User Service (RADIUS)/Terminal Access Controller Access Control System Plus (TACACS+) |