NCEdCloud
Service Description
The NCEdCloud Identity and Access Management (IAM) Service provides every K-12 student, teacher, staff member, parent/guardian, and school community member in North Carolina an account, with a single credential that enables access to cloud based learning resources.
Account and Access Control Management Efforts
Security Domain
CIS Control 5 – Account Management, Control 6 – Access Control Management
NIST CSF – Protect: Identity Management, Authorization, and Access Control (PR.AA)
NIST 800-53 – Access Control
- SSO with MFA into state applications
- Same credential for both state and local systems
- Automated provisioning and de-provisioning (Identity Lifecycle Management)
PSU Time Commitment
Upfront/Setup: Varies based on PSU (All PSUs are enrolled in this service)
Ongoing: Varies based on unique PSU environment
How to get this service
Contact NCEdCloud IAM Service POC for more information
Point of Contact
Name: John Mairs, NCDPI
Email: John.Mairs@dpi.nc.gov
Resources
- CISA and NSA – Identity and Access Management Recommended Best Practices for Administrators
- Account and Credential Management Policy Template for CIS Controls 5 and 6
- Accounts and credentials such as passwords are how we access phones, tablets, workstations, and web applications. Each of these accounts can be used to gain unauthorized access into an enterprise’s walled garden to steal data. There are many ways to covertly obtain access to accounts such as weak passwords, old accounts from a fired employee, or passwords involved in a data breach for a separate company that are also used on your systems. There are multiple types of accounts that often need to be managed. This resources outlines a set of policies to cover how accounts and credentials are managed in the enterprise, and other access control related functions. This policy is meant as a “jumping off point” for PSUs needing to draft their own policies.
- CIS Password Policy Guide
- Passwords are ubiquitous in modern society. If you have an account on a computer system, there will likely be at least one password that will need to be managed. Passwords are the easiest form of computer security to implement, and there have been many variations. Over the years, security experts have tried to make passwords harder to crack by enforcing various system specific rules on the creation and use of passwords. The goal of this document is to consolidate this new password guidance in one place. Ideally, a single comprehensive password policy can serve as a standard wherever a password policy is needed.
- CISA and NSA – Identity and Access Management: Developer and Vendor Challenges
- NIST Digital Identity Guidelines NIST SP 800-63-3 provides a framework for digital identity management, outlining standards for identity proofing, authentication, and federation to enhance security and privacy in online transactions while categorizing identity assurance levels and offering best practices for compliance.