mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-14 23:14:55 +03:00
mukul975
28 lines
1.1 KiB
Markdown
28 lines
1.1 KiB
Markdown
# Standards and References - Just-In-Time Access Provisioning
|
|
|
|
## NIST Standards
|
|
- **NIST SP 800-207**: Zero Trust Architecture - Section 3 (Logical Components)
|
|
- **NIST SP 800-53 Rev 5**:
|
|
- AC-2(2): Automated Temporary and Emergency Account Management
|
|
- AC-2(3): Disable Accounts
|
|
- AC-6: Least Privilege
|
|
- AC-6(5): Privileged Accounts
|
|
- **NIST SP 1800-35**: Implementing a Zero Trust Architecture
|
|
|
|
## Zero Trust Frameworks
|
|
- **CISA Zero Trust Maturity Model**: Identity pillar - dynamic access provisioning
|
|
- **DoD Zero Trust Reference Architecture**: JIT/JEA requirements
|
|
- **Forrester ZTX**: Extended Zero Trust with JIT access
|
|
|
|
## Tools and Platforms
|
|
- **Microsoft Entra PIM**: Privileged Identity Management with JIT elevation
|
|
- **CyberArk JIT**: Privileged access on-demand
|
|
- **SailPoint**: Identity governance with access request workflows
|
|
- **HashiCorp Boundary**: Just-in-time access to infrastructure
|
|
- **StrongDM**: Dynamic access management
|
|
|
|
## Compliance
|
|
- **SOX**: Least privilege for financial system access
|
|
- **PCI DSS 4.0**: Requirement 7.2 - Access based on need to know
|
|
- **HIPAA**: Minimum necessary standard for PHI access
|