Framework structure

Alexander Filipin edited this page Mar 4, 2021 · 16 revisions

High-level overview of personas, context and security controls.

We need to determine which security controls are required; the combination of persona and context determines this. Below is an overview of the elements used in different frameworks.

Personas

Technical view

  • Internals (Employees)
  • Externals (with Corp identity)
  • Guests (B2B External User)
  • Admins
  • External Admins (with Corp identity)
  • Guest Admins
  • Service Accounts
  • Service Principals
  • General/catch the rest

SPA view

  • Standard user
  • High impact user / developer
  • IT Operations

Cloud Adoption Framework enterprise-scale view

  • Platform owner
  • NetOps
  • SecOps
  • AppOps/DevOps
  • Subscription / landing zone owner

Security controls

  • Enterprise
  • Specialized
  • Privileged

NIST authentication levels

  • Level 1
  • Level 2
  • Level 3
  • Level 4

Context

  • Control
  • Management
  • Data/Workload
  • Baseline
  • Sensitive
  • Highly regulated
  • Personal
  • Public
  • General
  • Confidential
  • Highly Confidential

Cloud Adoption Framework enterprise-scale architecture

  • Platform (Identity, Management, Connectivity)
  • Landing zones

Conditional access

  • Conditions (Apps, Authentication context, ...)