Manage Identity and Access



Manage identities and establish access control policies and procedures for management of administrative privileges.

Key Considerations


If using ADFS, consider the following:


Additional Considerations



  1. Directive on Security Management - Appendix B: Mandatory Procedures for Information Technology Security Control, subsections B.2.3.1, B.
  2. SPIN 2017-01, subsection 6.2.3
  3. CSE Top 10 #3
  4. Refer to CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
  5. Refer to the Guidance on Cloud Authentication for the Government of Canada (accessible only on the Government of Canada network)
  6. Refer to the Recommendations for Two-Factor User Authentication Within the Government of Canada Enterprise Domain (accessible only on the Government of Canada network)
  7. Related security controls: AC‑2, AC‑2(1), AC‑3, AC‑5, AC‑6, AC‑6(5), AC‑6(10), AC‑7, AC‑9, AC‑19, AC‑20(3), IA‑2, IA‑2(1), IA‑2(2), IA‑2(11), IA‑4, IA‑5, IA‑5(1), IA‑5(6), IA‑5(7), IA‑5(13), IA‑6, IA‑8