Identity
| Field |
Value |
| Symbol |
Id |
| Class |
Asset |
| Definition |
A representation of a person, service, workload, or system that can request access. |
Why it matters
Identity is one of the most important assets in modern cybersecurity because access is now distributed across cloud, SaaS, endpoints, APIs, and automation.
- Phishing
- Credential theft
- Session misuse
- Insider misuse
- Excess privilege
- Stale accounts
- Weak authentication
- Missing access review
Common safeguards
- MFA
- Conditional access
- Privileged access management
- Access review
- Identity lifecycle management
Assurance evidence
- User export
- Group membership export
- Sign-in logs
- MFA enrollment report
- Access review record
Framework crosswalk
| Framework |
Mapping idea |
| NIST CSF |
Identity management and access control outcomes |
| ISO 27001 |
Access control and identity lifecycle controls |
| SOC 2 |
Logical access and change review evidence |