New to the JumpCloud on-line community and wanted to post a question:
What are customers (and the JumpCloud support team) using and recommending for Identity User Access Reviews?
This is the process/report stipulated by NIST 800-53 PR.AC-4, which states that users, admins, and roles need to be reviewed on a periodic basis. The individual guidances (HIPAA/HITRUST, PCI-DSS, SOX, SOC2, ISO 27001 and now CMMC) spell out the frequency.
All the best and great to be part of the discussion!
There are a few ways that I have seen customers do this. But let's break this down.
1. Users: Users are given access to various resources (i.e., RADIUS, LDAP, SSO Apps, Devices) either by a direct association or through user groups. I would assume that everyone is using user groups. Therefore, finding the association of the groups is fairly simple using the PowerShell module and the cmdlet `Get-Association`. You can also use the RESTful API to grab the data you are looking for as well. This would require using the v2 API in order to get the associations.
2. Admins: Our Role Based permissions for the admins are pretty straightforward. I would suggest creating some sort of Google Sheet or Excel file that tracks what role each admin has access to. You can also use the API v2 for Administrators to get the associations as well for this. But it would be easier to simply track what roles each admin has, since these are likely to change often and there are likely not many admins (unless you're an MSP).
Our new Reports feature is currently able to run the following:
Users to LDAP, RADIUS, Directories, Devices - when this expands, it will help with grabbing reports directly from the panel on users to groups and applications. For now, the best solution will be using and compiling some sort of API call to grab the data you are looking for.
One of our community members has created a Make application that allows you to automate most of this. You can find that at ifonly.solutions. This is a paid application developed by someone within our community (not supported or sponsored by JumpCloud). But looking at the modules, it seems to do most things rather well! Definitely worth a look into.
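The "compile the API data" step described in the reply above, as an added example that is not code from the thread or from JumpCloud: given user-group memberships and group-to-resource associations in the shape the v2 `members` and `associations` endpoints are assumed to return (`{"to": {"id": ..., "type": ...}}` per entry; the sample data is constructed inline), it builds the per-user review table and flags access a user reaches through more than one group, which is where revoking a single membership silently fails to remove access.

```python
"""Compile a per-user access review from JumpCloud-style association data.

Added example, not code from the thread or from JumpCloud. The v2 response
shape is an assumption: each entry is {"to": {"id": ..., "type": ...}}.
All sample data below is constructed for illustration.
"""
from collections import defaultdict

# Constructed sample: user-group memberships (assumed /usergroups/{id}/members shape)
GROUP_MEMBERS = {
    "grp_eng": [{"to": {"id": "u_alice", "type": "user"}}, {"to": {"id": "u_bob", "type": "user"}}],
    "grp_fin": [{"to": {"id": "u_bob", "type": "user"}}, {"to": {"id": "u_carol", "type": "user"}}],
}
# Constructed sample: group-to-resource links (assumed /usergroups/{id}/associations shape)
GROUP_ASSOCIATIONS = {
    "grp_eng": [{"to": {"id": "app_github", "type": "application"}},
                {"to": {"id": "srv_build", "type": "system"}}],
    "grp_fin": [{"to": {"id": "app_netsuite", "type": "application"}},
                {"to": {"id": "srv_build", "type": "system"}}],
}
USER_NAMES = {"u_alice": "alice", "u_bob": "bob", "u_carol": "carol"}  # constructed


def build_review(members, associations):
    """Return {user_id: {(resource_type, resource_id): set(group_ids)}}.
    Recording the granting group for each resource tells the reviewer
    which membership to revoke if the access is no longer appropriate."""
    review = defaultdict(lambda: defaultdict(set))
    for group_id, member_list in members.items():
        for m in member_list:
            if m["to"]["type"] != "user":
                continue
            for assoc in associations.get(group_id, []):
                key = (assoc["to"]["type"], assoc["to"]["id"])
                review[m["to"]["id"]][key].add(group_id)
    return review


def review_rows(review, names):
    """Flatten to sorted rows: (user, resource_type, resource_id, via_groups)."""
    rows = []
    for uid, resources in review.items():
        for (rtype, rid), groups in resources.items():
            rows.append((names.get(uid, uid), rtype, rid, ",".join(sorted(groups))))
    return sorted(rows)


def multi_path_access(review):
    """Resources a user reaches via more than one group: dropping one
    membership does not remove the access, a common review blind spot."""
    return {uid: [k for k, g in res.items() if len(g) > 1]
            for uid, res in review.items() if any(len(g) > 1 for g in res.values())}


if __name__ == "__main__":
    r = build_review(GROUP_MEMBERS, GROUP_ASSOCIATIONS)
    for row in review_rows(r, USER_NAMES):
        print("%-6s %-12s %-13s via %s" % row)
    print("multi-path access:", multi_path_access(r))
```

Swap the constructed dictionaries for the real API responses (one call per group) and the same functions produce the evidence table the reviewer signs off.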
Wanted to add - we at YouAttest have ported our award-winning (and customer-loved) identity access review solution to JumpCloud. Install is all of 5 minutes. It executes the access reviews and creates the evidence (the reports) needed for SOX, SOC2, ISO 27001, PCI-DSS, GLB, CMMC and HIPAA/HITECH guidances.