IDSO-010: Re-attestation is triggered based on a high risk event

Description: Security related alerts or events captured by systems indicating that a potential breach of policy has occurred should result in the violating identities access, undergoing a full re-attestation in an expedited manner.

Benefit: Organizational exposure to defined policy breaches is monitored and reduced. Future potential breaches are reduced due to proactive attestation.

Watch the deep dive webinar to learn more about this security outcome.

Implementation Approaches

Security Frameworks

NIST Cybersecurity Framework 1.1

  • PR.AC-1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized devices, users and processes
  • PR.AC-3: Remote access is managed
  • PR.AC-6: Identities are proofed and bound to credentials and asserted in interactions
TitleSecurity Monitor Triggers Attestation
Technology ComponentsUser Entity and Behavior Analytics (UEBA)
Security Information and Event Management (SIEM)
Identity Governance and Administration (IGA)
DescriptionSystems in an organization’s environment that have some degree of security monitoring capabilities are integrated with an Identity Governance solution that is capable of initiating identity-based attestation/certification campaigns. A security policy is defined and applied in the monitoring tool. When Monitoring tool detects a policy violation based on user activity – an alert is raised and details of the alert is picked up by the Governance solution. Based on the policy in the governance solution, it can initiate a full attestation of user entitlements/permissions associated with the Identity or with the resource that generated the alert. User cannot continue to violate policy based on remediation of access driven through certification. Additional potential violations are reduced if additional access is removed during the attestation.
Pre-requisitesMonitoring tools in place
Organization specific security policies defined
Certification/attestation policy defined
Communication from monitoring to governance platform to trigger possible remediation
Supporting Member CompaniesForgeRockOmadaSailPointSaviyntSecZettaThalesThreatMetrix


Let's work together to help everyone become more secure.