Å·ÃÀ¿Ú±¬ÊÓƵ of Missouri
Identity and Access Management Program
Program Overview
Identity and Access Management (IAM, also known as Identity Management IdM) is an organizational set of business policies, processes and technologies that enable the use of a digital identity to access electronic resources. An IAM program is essential to support the use and security of the Å·ÃÀ¿Ú±¬ÊÓƵ’s electronic services and assets, including access to data, applications, and other enterprise resources such as servers, networks, and databases. In short, IAM impacts everyone and everything.
Identity and Access Management plays a key role in the productivity and security of the Å·ÃÀ¿Ú±¬ÊÓƵ of Missouri. Proper administration of IAM policies and procedures can improve the security posture of UM Å·ÃÀ¿Ú±¬ÊÓƵ entities, protect Å·ÃÀ¿Ú±¬ÊÓƵ resources, help ensure data integrity and confidentiality, and reduce the organizational risk of data breaches involving identities. In addition, IAM can increase productivity and collaboration within and outside of the Å·ÃÀ¿Ú±¬ÊÓƵ, improve the user experience, enable research and collaboration, as well as ensure regulatory compliance management is systematically managed and achieved.
The outcome of the Å·ÃÀ¿Ú±¬ÊÓƵ of Missouri’s IAM Program will govern IAM vision and program components.
IAM Vision
The Å·ÃÀ¿Ú±¬ÊÓƵ of Missouri’s IAM Vision seeks to:
- Improve the Information Security and Compliance posture of the Å·ÃÀ¿Ú±¬ÊÓƵ
- Provide a consistent and understood identity process for Å·ÃÀ¿Ú±¬ÊÓƵ managed IT solutions and systems
- Simplify and improve the user experience including increased productivity and collaboration
IAM Program Components
- IAM Governance
- IAM Policies and Procedures
- IAM Solutions and Tools
- IAM Metrics and Measurement
IAM Governance
The Å·ÃÀ¿Ú±¬ÊÓƵ of Missouri adopts the following governance model for Identity and Access Management:
The UM Chief Information Security Officer will be ultimately responsible for the Å·ÃÀ¿Ú±¬ÊÓƵ of Missouri identity management systems and support.
Identity Management Governance Committee
The IdM Governance Committee holds oversight responsibility for the implementation of the IAM Program components. This committee reports to the Information Security Group (ISG) which reports up to the Å·ÃÀ¿Ú±¬ÊÓƵ-wide Information Security Council (SISC).
The IdM Governance Committee will oversee IdM Workgroups with the chairs of the workgroups acting as a liaison between the different workgroups, the CISO, and the IdM Governance Committee to ensure everyone is kept informed and in check.
Members of the IdM Governance Committee include the following:
- Chief Information Security Officer
- Information Security Officer for S&T
- Information Security Officer for UMKC
- Information Security officer for UMSL
- Information Security Officer for MU
- Information Security Officer for MU Health Å·ÃÀ¿Ú±¬ÊÓƵs
- Chair of the IdM Policies & Procedures Workgroup
- Chair of the IdM Technology Workgroup
The CISO will chair the IdM Governance Committee or will appoint a designee.
Identity Management Policies & Procedures Workgroup
This workgroup will focus on the business side of IdM as it relates to rules, policies, and procedures; defining how identity and account management are handled at the Å·ÃÀ¿Ú±¬ÊÓƵ of Missouri, and defining what functions are needed with IdM tools.
Members of the Policies & Procedures Workgroup will be appointed by each campus ISO and should represent individuals from each campus that support or oversee the implementation of identity management policies, procedures and/or support on each campus.
Identity Management Technology Workgroup
The IdM Technology Workgroup will help support and advise technical architecture and implementation of identity management tools to support IAM including identity management, authentication, authorization, and accountability tools. This team will include a mix of employees that report directly to the CISO and other IT staff from across UM Å·ÃÀ¿Ú±¬ÊÓƵ IT that have the knowledge, skills, and interest in supporting and providing IdM tools. The IdM Technology workgroup will be charged with providing the design, implementation, and day-to-day support of IdM tools and will adhere to UMS-IT/DoIT programming and change management standards.
Members of the Technical Workgroup will be appointed by each campus ISO and should represent individuals from each campus that provide technical support for identity management work on each campus.
IAM Policies and Procedures
The IdM Governance bodies will collectively establish, implement, and manage a comprehensive set of IAM policies to govern requirements related to identity, authentication, authorization, and accountability.
- The IdM Policy and Procedures workgroup makes IAM policy recommendations to the IdM Governance authority
- The IdM Governance Committee has approval authority over IAM policies
- Any concerns regarding IAM Policies will be escalated to the SISC.
The IdM Policies and Procedures Workgroup will establish, implement, and manage IAM procedures and specific definitions for implementation of IAM policies for all systems and applications.
IAM Solutions and Tools
The IAM Governance bodies will collectively provide direction and oversight of a long-term IAM solutions and/or tools. These tools support the following IAM functions:
- Identity - the creation and maintenance of electronic identifiers for people, resources, or systems
- Authentication – the process of validating that people or entities are who they say they are
- Authorization – the process of determining if a user has the right to access a service or perform an action
- Auditing/Accountability – the process of logging IAM events for auditing so who or what is responsible for actions can be determined
IAM Metrics and Measurement
The IAM governing bodies will collectively be responsible for providing metrics and measurement for regular reporting of IAM functionality to stakeholders and executive management.
Reviewed 2022-02-15