Security Frameworks

TL;DR If you’re leading or supporting an Identity and Access Management (IAM) program, you’re already touching all five functions of the NIST Cybersecurity Framework (CSF)—you just may not be thinking of it that way. This post breaks down how each function of the NIST CSF maps directly to your identity lifecycle, from provisioning to detection to post-breach recovery. 🧠 Background: Why NIST CSF Still Matters The NIST Cybersecurity Framework (CSF) remains a go-to model for organizations aiming to assess and improve their security posture....

TL;DR In 2025, non-human identities (NHIs)—like bots, service accounts, and automation agents—are no longer passive infrastructure components. They can now request access, trigger workflows, and even be AI-augmented. That makes them riskier than ever. This post breaks down how to spot bad practices, apply controls, and align your IAM strategy to handle NHIs like first-class identities. 🧠 Background: What Are Enhanced NHIs? Traditionally, non-human identities were limited to API keys or service accounts performing narrow tasks....