Identity Access Management & Governance

Systems, Computer, Acquisition Architecture and Security Standards

Systems Architecture

The Systems Architecture relates to the Information Architecture, the Data Architecture, and the Computer Architecture. Decisions about the specific systems the organization is going to deploy need to consider the demands made by the business applications, data requirements, interoperability, security concerns, protocols, and the hardware and software that will support these systems.

Computer Architecture

The Computer Architecture relates to the Information Architecture, the Data Architecture, and the Systems Architecture. This level is primarily made up of the specific hardware and software that constitute the technological base for the architectures above. The Computer Architecture defines what hardware and software are available that will meet both the needs and the budget allocations.

Acquisition Architecture

Companies continue to grow through acquisitions. Developing and executing an effective acquisition strategy requires "systems thinking at scale" to ensure that the various elements of the strategy are integrated and that interdependencies are understood and accounted for during execution of the plan. The acquisition strategy is dynamic in that it must reflect changes that often occur during execution. Cost, schedule, and system performance (or capability) trade-offs may also be required, and program managers will need the insight to make informed decisions based on an understanding of the risks involved in achieving the desired outcomes. A service-oriented architecture therefore plays a vital role in both planning and executing this strategy. How the company provides services in the newly combined organization will vary depending on the criticality or urgency of the organization or service. Acquisition management often requires balancing the equities of multiple stakeholders by executing a governance process that strikes a balance between the desire for consensus and the agility to change.

Security Standards

  1. Business-specific security standards
     1. HIPAA, HITECH, FERPA, PII, etc.
  2. Privacy Act
  3. Records Management Act
  4. Bring your own device (BYOD) - mobile devices
     1. NIST SP 1800-1 (Healthcare)
     2. NIST SP 1800-4 (General)
     3. NIST SP 1800-9 (Financial)
     4. NIST SP 1800-13 (First Responders)
  5. General security standards
     1. ISO/IEC 27001-X (27002, and so on)
     2. ISO/IEC 15048
     3. NIST SP 500/800/1800
     4. NIST SP 1800-12 Personal Identity Verification (PIV)

Business/Technical Role Definition

  1. Attribute definition
  2. Attribute hierarchy
  3. Guidelines: NIST SP 1800-3
  4. Privacy Act