IAM Review — Identity & Access Management Security Assessment

Grounded in: NIST SP 800-63B (Digital Identity Guidelines: Authentication and Lifecycle Management), NIST SP 800-207 (Zero Trust Architecture), CIS Controls v8 (Controls 5 and 6)

When to Use

If a target is provided via arguments, focus the review on: $ARGUMENTS

Invoke this skill when:

• Reviewing IAM policies, role definitions, or permission boundaries in any cloud provider (AWS, Azure, GCP)
• Assessing user provisioning and deprovisioning workflows
• Evaluating authentication configurations (MFA, SSO, password policies)
• Auditing service account and machine identity hygiene
• Conducting a zero-trust readiness or maturity assessment
• Preparing for compliance audits that cover access control (SOC 2, ISO 27001, PCI DSS, HIPAA)
• Responding to incidents involving credential compromise or privilege escalation