# Identity Management Platform

## Description
The Identity Management Platform provides centralized authentication and identity lifecycle management across the Scheol Lab infrastructure. It handles user accounts, access rights, role assignments, and integrates with administrative and service platforms to enforce authentication and authorization policies.
## Asset Identification

| Attribute | Value |
|---|---|
| Asset ID | PLT-IDM-01 |
| CI Type | Platform |
| Asset Name | Identity Management Platform |
| Asset Category | Identity Service |
| Owner | Security Role (Sec) |
| Status | Planned |
| Location | Internal infrastructure |
| Primary Function | Centralized authentication, identity lifecycle management, and access control enforcement |
## Asset Dependencies

| Dependency Type | Asset | Status |
|---|---|---|
| Platform | Proxmox Virtualization Platform | Planned |
| Platform | Network Security Platform | Planned |
| Information | Identity & Access Data | Planned |
| Platform | Teleport Access Platform | Planned |
## Relationships

| Relationship | Target CI |
|---|---|
| Provides authentication | Administrative bastion, internal services |
| Provides authorization | Platform services and applications |
| Consumes | Identity & Access Data |
| Supports | Security monitoring, risk management processes |
## Asset Classification

| Criteria | Level |
|---|---|
| Confidentiality | 🟥 High |
| Integrity | 🟥 High |
| Availability | 🟨 Medium |

Criticality score: 🟥 High

Rationale:
- Confidentiality and integrity are critical because compromise could lead to unauthorized access across the lab environment.
- Availability is medium: short-term downtime impacts operations but does not directly expose sensitive data.
## Responsibilities

| Role | Responsibility |
|---|---|
| Security Role (Sec) | Platform hardening, access control enforcement, monitoring integration |
| Operations Role (Ops) | Deployment, maintenance, and service availability |
| Development Role (Dev) | Integration with CI/CD and automation tools |
## Security Controls (High-Level)
- Role-based access control and least privilege enforcement
- Multi-factor authentication for administrative access
- Logging of authentication and authorization events
- Regular vulnerability scanning and patching
- Secure configuration of directory services and authentication protocols
## Security Considerations
Main risks associated with this asset include:
- Unauthorized access to critical infrastructure
- Compromise of user credentials or identity data
- Misconfiguration of roles or permissions
- Downtime impacting dependent services
Mitigation measures may include:
- Strong authentication policies and MFA
- Continuous monitoring and alerting
- Periodic access reviews and audits
- Integration with logging and SIEM for anomaly detection
## Methodological References
- ISO 27001 - Control 8.2 Privileged access rights; Control 8.3 Information access restriction; Control 8.5 Secure authentication.
- NIST CSF - PR.AC Identity Management, Authentication and Access Control; DE.CM Continuous Monitoring.
- EBIOS RM - Identity systems treated as critical security infrastructure assets.