Account and Access Control Management

Security Domain

CIS Control 5 – Account Management, Control 6 – Access Control Management
NIST CSF – Protect: Identity Management, Authorization, and Access Control (PR.AA)
NIST 800-53 – Access Control

Service Description

The NCEdCloud Identity and Access Management (IAM) Service provides every K-12 student, teacher, staff member, parent/guardian, and school community member in North Carolina an account, with a single credential that enables access to cloud based learning resources.

We Treat Online Identities as Unique and Valued People

Product

NCEdCloud IAM Service / RapidIdentity via Identity Automation

Key Benefits

SSO with MFA into state applications
Same credential for both state and local systems
Automated provisioning and de-provisioning (Identity Lifecycle Management)

Cost to PSUs

No cost – funded by School Connectivity Initiative and NCDPI K-12 Cybersecurity Program

PSU Time Commitment

Upfront/Setup: Varies based on PSU (All PSUs are enrolled in this service)
Ongoing: Varies based on unique PSU environment

How to get this service

Contact NCEdCloud IAM Service POC for more information

Point of Contact

Name: John Mairs, NCDPI
Email: John.Mairs@dpi.nc.gov

Resources

CISA and NSA – Identity and Access Management Recommended Best Practices for Administrators
CISA and NSA – Identity and Access Management: Developer and Vendor Challenges
NIST Digital Identity Guidelines NIST SP 800-63-3 provides a framework for digital identity management, outlining standards for identity proofing, authentication, and federation to enhance security and privacy in online transactions while categorizing identity assurance levels and offering best practices for compliance.
- [Supplement 1] Incorporating Syncable Authenticators into NIST SP 800-63B: Digital Identity Guidelines — Authentication and Lifecycle Management
- NIST 800-53-4 Second Public Draft