CompTIA Security+ Access Control and Identity Management

Welcome to this review of the Pluralsight course CompTIA Security+ Access Control and Identity Management by Chris Rees.

This is the 5th course in the Security+ learning path. It is the shortest course, at 1h 21m in length and containing just 3 modules. It is quite relevant to application development, and many developers will already have some experience of at least one of the authentication protocols discussed.

Authentication Services

Covers six different authentication services:
RADIUS – Remote Authentication Dial-In User Service
Both flavours of Terminal Access Controller Access-Control System, or TACACS – XTACACS and TACACS+
Chris Rees compares RADIUS with TACACS+. In many respects TACACS+ offers superior functionality to RADIUS.

Authentication, Authorization and Access Control

Also covers six main areas. This time they are:

Identification (who you are) including Usernames and 2 USA smart cards: the Personal Identification Verification Card, and the Common Access Card
Authentication (proving who you are)
Authentication Factors
Authorization (permissions)
Transitive trust/authentication

Account Management Security Controls

Again contains six main areas.

Users with multiple accounts/roles and/or shared accounts
Account policy enforcement
Group based privileges
User assigned privileges
User access reviews
Continuous monitoring

Related Courses

If you use .NET, Dominick Baier has three courses on Identity and Access Control for you:

Identity and Access Control in .NET 4.5
Identity and Access Control in ASP.NET 4.5
Identity and Access Control in WCF 4.5

He also has other security courses on topics such as JSON Web Tokens and OpenID/OAuth.

Activities to complement this course:

Recommended Speed: 1.2x

Next course: CompTIA Security+ Cryptography

One thought on “CompTIA Security+ Access Control and Identity Management”

  1. Hi Kevin, I am enjoying your blog. Although, only about half makes sense to me. I am not a software engineer. I am a physical security consultant and system engineer. The world of InfoSec has been opened to me this year and my interest has resulted in a change in my business role. I have been tasked with understanding this space. HID Global is one of the ASSA ABLOY companies and they are a leading player in the physical security market providing identity & credential management solutions, encrypted data formats and source authentication via RF technology (among other things).

    The convergence of our two worlds is impacting my system design and I need to know more. Can you recommend the resources and people that could help me? I am not looking to learn how to code, I just need to understand how our industries can work together to better protect our common client’s physical and virtual assets and harden the infrastructure supporting these automated systems. My blog explains much of this at: and my email is THANKS!
