Strengthening Cybersecurity Through Improved Identity and Access Management

Identity, and Access Management strategies

The US Government is the largest employer in the United States with over 2.7 million employees using thousands of secure applications. Companies can gain valuable insight by learning about and participating in new Federal identity management policies and strategies. Improving cybersecurity through identity management modernization will help mitigate next generation threats for federal agencies and US companies.

The White House Office of Management and Budget (OMB) is proposing a new policy to improve Federal agencies’ implementation of Identity, Credential, and Access Management (ICAM) – the security disciplines that enable the right individual to access the right resource, at the right time, for the right reason.

Federal agencies must be able to identify, credential, monitor, and manage user access to information and information systems across their enterprise in order to ensure secure and efficient operations. In particular, how agencies conduct identity proofing,establish digital identities, and adopt sound processes for authentication and access control will significantly impact the security of their digital services. Additionally, as information about individuals becomes more widely available through social media or through breaches of personally identifiable information (PII), it is increasingly important that all agencies adopt identity validation solutions that enhance privacy and mitigate negative impacts to delivery of digital services and maintenance of online trust. It is also essential that agencies’ Identity, Credential, and Access Management (ICAM) strategies and solutions are informed by risk perspectives and driven by targeted outcomes.

Implementation of Effective Identity Management Governance

Establishing effective ICAM governance is an important part of the federal government’s continual efforts to promote robust cybersecurity. To ensure effective governance, agencies shall leverage the approaches and principles of National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63, Digital Identity Guidelines. 2 Agencies shall also continue to follow Homeland Security Presidential Directive 12 (HSPD-12) requirements pertaining to the identity verification and credentialing of federal employees and contractors. To reach these goals, agencies shall:

Define and implement ICAM policies, processes, and technology solutions that encompass the agency’s entire enterprise, align with the government-wide Federal ICAM Enterprise Architecture, and meet Federal policies, standards, and guidelines;
Designate an integrated ICAM office, team, or other governance structure in support of its Enterprise Risk Management capability that includes personnel from the offices of the Chief Information Officer, Chief Security Officer, Human Resources, General Counsel, Senior Agency Official for Privacy, and component organizations that manage ICAM programs and capabilities. These offices, as well as program managers and acquisition offices, should regularly coordinate to ensure that the agency’s ICAM policies, processes, and technologies are being implemented, maintained and managed consistently. This includes coordinating the deployment of capabilities and functionality provided through the Continuous Diagnostics and Mitigation (CDM) Program;
Outline enterprise-level performance expectations for cybersecurity and privacy risk management throughout each user’s lifecycle, including changes in the user’s access privileges;
Develop a mechanism to streamline and automate enterprise-level performance reporting. This mechanism should align with existing and planned reporting and analytics structures and tools, such as the CDM dashboards and FISMA reporting;
Incorporate Digital Identity Risk Management into existing processes as outlined in NIST SP 800-63, including the selection of Identity Assurance Levels (IALs), Authentication Assurance Levels (AALs), and Federation Assurance Levels (FALs) commensurate with the risk to their digital service offerings.

Modernization of Identity Management Capabilities

It is imperative that agencies implement and harmonize their ICAM capabilities, while ensuring that ICAM solutions are not fragmented or duplicative. To achieve this objective, agencies shall take the following steps to modernize their ICAM architecture:

Reduce Solution Overlap: Agencies shall establish authoritative solutions for their ICAM services, promoting the most effective solutions at an enterprise level.

Promote Innovation through Modularity: Agencies shall ensure that deployed ICAM capabilities are interchangeable and developed based on open Application Programming Interfaces (APIs) and/or commercial standards to promote interoperability and enable componentized development.

Learn More

To read more about this policy please visit the Office of the Federal Chief Information Officer policy announcement. Comments on this policy may be submitted by creating an issue on the GitHub page for this draft policy.

To learn how IdRamp can help improve cybersecurity through Decentralized Identity and Access Management please send a contact request.

Schedule a Demonstration

Contact

Cookie	Type	Duration	Description
__cfduid	1	4 weeks	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address d apply security settings on a per-client basis. It doesnot correspond to any user ID in the web application and does not store any personally identifiable information.
cookielawinfo-checkbox-advertisement	0	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	0	11 months	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-non-necessary	0	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Non Necessary".
cookielawinfo-checkbox-performance	0	11 months	This cookie is used to keep track of which cookies the user have approved for this site.
viewed_cookie_policy	0	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
_ga	0	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gid	0	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
GPS	0	30 minutes	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
IDE	1	1 year	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
is_unique	0	4 years	The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form
is_visitor_unique	0	2 years	The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form
sc_is_visitor_unique	0	2 years	The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
vuid	0	2 years	The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.

Cookie	Type	Duration	Description
_gat	0	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
muxData	0	19 years	This cookie is used to enable certain video player functionalities associated with Vimeo.
PREF	0	7 months	This cookie is set by Youtube. Used to store user preferences like language or any other customizations for YouTube Videos embedded in different sites.
VISITOR_INFO1_LIVE	1	5 months	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	1		This cookies is set by Youtube and is used to track the views of embedded videos.