Information Technology Reference
In-Depth Information
• USA Patriot Act
• Enhanced Border Security and Visa Entry Reform Act
In addition to these federal acts, many additional requirements derive
from state and local legislation as well as regulatory mandates applied by
specific industries. The Cardholder Information Security Program (CISP)
and Payment Card Industry Data Security Standards (PCI DSS) are exam-
ples of industry-mandated practices involving identity management.
Business Drivers
I n a dd it ion to re g u l ator y c ompl ia nc e, m a ny a dd it ion a l bu si ne s s d r iver s m ay
affect the decision to implement an identity management solution. Effec-
tive identity management practices and technologies provide a number of
advantages that may hold value for stakeholders and decision makers:
•
Security.
Border control, asset protection, and data exposure con-
trols rely heavily on effective identity management. Fraud, misuse,
and internal access management rely on the ability to distinguish
acting identities and to assign responsibility for use. Unique identity
assignment ensures non-repudiation of logged events by establishing
the acting identity involved.
•
Cost.
User access provisioning and password management solu-
tions can reduce the amount of administrative overhead required to
create, update, and retire user identities to meet changes in employ-
ment and organizational structure.
•
Productivity.
Improved transparency between authentication
boundaries can increase user productivity and acceptance by elimi-
nating unnecessary reentry of identifying credentials when accessing
remote resources. This is critical to the functionality of service-ori-
ented architecture (SOA) distributed application development and
data consolidation solutions such as intranet portals.
Identity Management Elements
Identity management solutions differ from identification, authentication,
and authorization systems. Identity management systems may include
