# Identity Resilience and DR

One-sentence definition: Keep authentication/authorization available during outages and recover quickly after incidents.

## Key Facts

- Multi-region IdP; redundant DCs; tested failover and runbooks.
- Out-of-band break-glass; cached credentials strategies where safe.
- Backup signing keys and config; secure key escrow and rotation plans.
- Dependency mapping (NTP, DNS, PKI); monitor SLOs.
- **Verify:** check official (ISC)² CBK and current exam outline.

## Exam Relevance

- Choose identity DR first—no auth means no business.

**Mnemonic:** “**Auth** must **always** work.”

## Mini Scenario

Q: IdP offline during DDoS—how keep control?

A: Use CDN/DDoS protection, secondary region, and offline break-glass.

## Revision Checklist

- Two redundancy tactics.
- Key management for DR.
- Critical dependencies.

## Related

[[IdP Hardening and High Availability]] · [[Account Recovery and Break-Glass Procedures]] · [[Time Synchronization and NTP Security]] · [[MOC - CISSP]] · [[Identity Threat Detection and Response (ITDR)]] · [[Domain 5 - Index]]