Identity & Access Data

Description

Identity & Access Data contains authentication records, user identities, group memberships, roles, permissions, and access control information used across the Scheol Lab infrastructure.

This asset underpins identity management, secure authentication, authorization, and auditing processes.

Asset Identification

Attribute	Value
Asset ID	DAT-IDM-01
CI Type	Information
Asset Name	Identity & Access Data
Asset Category	Identity Management
Owner	Security Role (Sec)
Status	Planned
Location	Identity Management Platform (LDAP Directory)
Primary Function	Authentication, authorization, and access control

Asset Dependencies

Dependency Type	Asset	Status
Platform	Identity Management Platform	Planned
Information	Automation Playbooks	Planned
Platform	Logging & Monitoring Platform	Planned

Relationships

Relationship	Target CI
Supports	Secure Remote Access
Supports	Administrative Bastion Access
Supports	Logging & Monitoring Platform
Uses	Automation Playbooks

Asset Classification

Criteria	Level
Confidentiality	🟥 High
Integrity	🟥 High
Availability	🟨 Medium

Criticality score: 🟥 High

Rationale:

Confidentiality is critical due to sensitive user credentials and PII.
Integrity is essential to prevent unauthorized access or privilege escalation.
Availability is important for operational access but can tolerate brief downtime with failover mechanisms.

Responsibilities

Role	Responsibility
Security Role (Sec)	Maintain, monitor, and protect identity and access data
Operations Role (Ops)	Support platform deployment and backup processes
Development Role (Dev)	Integrate identity data usage in CI/CD and automation scripts

Security Controls (High-Level)

Access control - restricted read/write permissions
Encryption - credentials and sensitive attributes encrypted at rest and in transit
Auditing & Logging - track access and modifications
Regular reviews - periodic validation of accounts, roles, and permissions

Security Considerations

Main risks include:

Unauthorized access or privilege escalation
Data leakage (credentials, PII)
Corruption or loss of identity data

Mitigations:

Strong authentication and authorization policies
Encryption and secure storage
Continuous monitoring and alerting
Periodic account and role reviews

Methodological References:

ISO 27001 - Control 8.2 Privileged access rights ; Control 8.16 Monitoring activities.

NIST CSF - PR.AC Identity Management, Authentication and Access Control ; DE.CM Continuous Monitoring.

GDPR - Article 5 Principles relating to processing of personal data ; Article 32 Security of processing.

EBIOS RM - Identity information as a critical asset supporting security operations.

Description​

Asset Identification​

Asset Dependencies​

Relationships​

Asset Classification​

Responsibilities​

Security Controls (High-Level)​

Security Considerations​