In case you haven’t heard, a v1.2 update was released to the Microsoft Identity and Access Management Series, which adds the new Password Mgmt paper.
This documentation highlights the following: “The Password Management paper outlines different approaches to password management and addresses the technical issues that effective password management involves. The paper uses a fictitious organization to illustrate the process of how to determine password policy requirements, carry out step-by-step procedures to enforce a strong password policy, and then manage the organization's passwords through both an intranet and an extranet. Finally, the paper discusses how to validate the password management implementation and perform common operation tasks to maintain it.”
Within MOF, in the Operating Quadrant (see my prior post about the MOF process model here) is a service management function entitled Security Administration. The process flow in the Security Administration SMF includes:
The Password Mgmt paper delves into areas appropriate to the above processes, in particular authentication and auditing. The detail in this documentation could be quickly customized for an organization to provide the documented processes necessary for a more repeatable and predictable environment.
Security Administration within the Operating Quadrant should not be confused with the Security Management SMF in the Optimizing Quadrant. The Security Management SMF focuses more on the management and development side of security: security assessment, strategy, policy formation, and encouraging continuous improvement. By contrast, the processes in the Security Administration SMF above focus on the day-to-day operations necessary to maintain the desired security levels, as determined by the policy and strategy defined in the Optimizing Quadrant process.