55. What is the concept of Authentication, Authorization, and Accounting (AAA) and why are information security policies so important, and do you offer comprehensive I.T. security documentation?


The concept of Authentication, Authorization, and Accounting (i.e., audit) - generally known as AAA – is one of the most well-known and widely used principles within information security. In short, one assigns users an appropriate and acceptable "identification" phrase, which is generally a username. Users then use their respective username with a password, passphrase or some other type of commonly used method of "authentication" to actually authenticate to that very system resource. The three (3) factors are generally seen as the following: (1). something you know. (2). something you have. (3). something you are. Successful authentication occurs when one’s credentials are entered into a system resource (i.e., such as typing in a username or password) and compared against stored user information with a database, which ultimately allows a user to gain access, or be denied.


Once users have successfully identified and authenticated themselves, they then are "authorized" to perform certain functions within those system resources based on the access rights afforded to them. Role Based Access Control (RBAC), Mandatory Access Control (MAC), and Discretionary Access Control (DAC) are the three (3) primary types of access rights afforded to users once granted authorization rights to system resources.


And finally, the concept of "accounting" (i.e., effectively auditing and monitoring this type of environment) includes removing aged and dormant accounts, validating access rights for privileged accounts, reviewing log reports for access rights violations, and other essential activities. Lastly, a wide variety of tools along with traditional methods are successfully used for ensuring these measures are being initiated.

Security Policies are A Vital Component of the AAA Principles

For the AAA principle to be effective within organizations, a well-documented and highly formalized user provisioning and de-provisioning lifecycle needs to be in place - complete with comprehensive policies, procedures, forms, checklists, and other supporting access documents.  FLANK, a global leader in offering high-quality, professionally developed information security documents, offers an all-inclusive set of policy and procedural documentation containing literally hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening material- and more –available for purchase and immediate download.  It's called the FLANK21 and it's available for immediate download today.

View Sample Information Security Policies

Additionally, not only does the FLANK21 set of documents contain a comprehensive 75 + pages of Authentication, Authorization, and Accounting (AAA) templates, organizations also receive essential network security documents, along with policies for operating systems, databases, and dozens of other categories. Learn more about our signature product, the FLANK21.