In Chapter 2, we define a reference identity and access management (IAM) framework that depicts the components and subcomponents of a comprehensive IAM program. This framework provides a hierarchical definition of capability levels for each of the components and subcomponents. The intent of this framework is to establish a structure against which to (1) perform a assessment of an organization’s current state IAM program, processes, and technology; (2) assist in the definition of a set of desired future state capabilities; and (3) identify the gaps between current and future state. This current state, future state, and gap assessment can then be used to support the development ...