Chapter 23: Identity and Account Management Controls
Identity
IdP: Identity provider
Attributes
Certificates
Tokens
SSH keys
Smart cards
Account types
User account
Shared and generic accounts/credentials
Guest accounts
Service accounts
Account policies
Password complexity
Password history
Password reuse
Network location
Geofencing
Geotagging
Geolocation
Time-based logins
Access policies
Account permissions
Account audits
By far the MOST important audit item here is Failed Login Attempts.
Impossible travel time/risky login
Lockout
Disablement