Commit 86131b5c authored by Santeri Toikka

Clarified identity handling

Closes #42
parent b9df7c11
+13 −4
@@ -792,12 +792,21 @@ These requirements are generally binding, and there is no low-medium-high tierin


### 5.2.6 Role based authorisation
### 5.2.6 Role based authorisation


The identity management is an essential piece in the larger puzzle of cybersecurity. A secure product is required to confirm the identity and authority of all users performing an action. If the system fails to identify such actions and authority, or fails to track who executed commands, the system can easily fall into a state of chaos.
The identity management is an essential piece in the larger puzzle of cybersecurity.
A secure product is required to confirm the identity and authority of all users performing an action.
Identity and authorization to execute a single or a set of commands can be two different systems depending on the design.
In smaller systems, these two are often combined.


An identity management system provides for the authentication of each user. It provides the assurance of that an entity has authorization and has provided the correct information to the product to perform a specific action.[\[i.12\]](#_ref_i.12)
An NMS can serve also traffic without running an identification routine of the distant entity:
Only a well maintianed trusted source list can provide functional authentication.
A router in residential use is often configured in a way that the physical access to a local port is sufficient to identify Service Requesting User.
The user whom benefits from the provisioned configuration.
In addition, a managed device can have a configuration port, a management API, a firmware update channel, and even a debugging interface, whereas all of them are classified as privileged and require proper authorisation.


If the source authentication is a company internal directory, the content needs to be up to date and reflect the status of persons granted current access.
An identity management system provides for the identity of each administrative user.
It provides the assurance of that an entity has authorization and has provided the correct information to the product to perform a specific action.[\[i.12\]](#_ref_i.12)
Only a well maintianed trusted source list can provide functional identity.

If the source identity is a company internal directory, the content needs to be up to date and reflect the status of persons granted current access.


These requirements apply to all network management systems, regardless of the product's use case and without variation for different tiers or risk.
These requirements apply to all network management systems, regardless of the product's use case and without variation for different tiers or risk.
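Review bot: The reworded opening paragraph of 5.2.6 no longer mentions tracking who executed commands. The sentence "If the system fails to identify such actions and authority, or fails to track who executed commands, ..." has no counterpart in the split-up lines that follow it, so the accountability rationale drops out of the section; consider keeping one sentence on it. In the second paragraph, "The user whom benefits from the provisioned configuration." is a fragment that reads like a definition of Service Requesting User; fold it into the preceding sentence, for example "... is sufficient to identify the Service Requesting User, that is, the user who benefits from the provisioned configuration." The line "An NMS can serve also traffic without running an identification routine of the distant entity:" ends in a colon, but what follows is not a list or an example of that case, and "serve also traffic" should read "also serve traffic". "Only a well maintianed trusted source list can provide functional identity." still carries the typo "maintianed", and "functional identity" is not defined anywhere in the visible text. The section also mixes "authorization" and "authorisation" while the heading uses "authorisation"; pick one spelling.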