Identities are provisioned, at least in an ad hoc manner, for personnel and other entities such as services and devices that require access to assets (note that this does not preclude shared identities)
Context and Guidance: Provisioning refers to the creation or registration of identities. This involves identifying the entity and documenting attributes such as role and position in the organisation. Provisioning is performed for persons, devices, systems, and processes, whether internal or external to the organisation. Thus, a vendor, agency, or business partner may be registered as an identity by the organisation, as could a system or process from an external organisation. In some cases, organisations may need to use shared identities, such as group accounts. A best practice for provisioning is the identity profile. The profile contains all of the relevant information necessary to describe the unique attributes, roles, and responsibilities of the associated entity. The identity profile is generally initiated and approved by the organisational unit or line of business to which the entity belongs and where decisions about use of organisational assets can be made.
Related Practices • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: ACCESS-1a, ACCESS-1c, ACCESS-1e, ACCESS-1f, ACCESS-1j.