Build Identity, Credential, and Access Management Systems
This page contains guidance for teams to design and build functional and secure systems that comply with Federal Identity, Credential, and Access Management (FICAM) related policies, technologies, and implementation patterns.
The Federal CIO Council and subcommittees developed the FICAM Roadmap and Implementation Guidance for implementing Federal ICAM. This guidance contains program-level processes, procedures, and considerations for planning and managing logical access, physical access, identity management, and federation within the agencies.
- FICAM Roadmap and Implementation Guidance (PDF, December 2011) – This is the authoritative roadmap for the target state of FICAM and contains guidance on architecture/design and implementation.
Technology, policy, and security practices rapidly evolve and the government must keep up with the evolution. To modernize the original FICAM Roadmap and Implementation Guidance, we’re migrating the information to Playbooks, which are hosted on GitHub. These Playbooks provide common patterns to help you properly implement and execute ICAM at your agency.
A lot of content has been developed over the years by the agencies, and we encourage you to contribute!
- FICAM Architecture Playbook – Learn about FICAM, understand the FICAM Enterprise Architecture, and contribute to its development.
- PIV Usage Guides Playbook – Learn how to implement common Personal Identity Verification (PIV) configurations for logical access.
- Federal PKI Guides Playbook – Learn more about the Federal Public Key Infrastructure and contribute to the development of the guides.
Identity Management is the set of practices that allow an organization to establish, maintain, and terminate identities.
Credential Management is the set of practices that an organization uses to issue, track, update, and revoke credentials for identities within their context.
- FICAM Architecture Playbook: Credential Management – Learn how credentials work, how to leverage them in your environment, and how to manage and maintain them throughout their life-cycle.
Access Management is the set of practices that enables only those who are permitted to perform an action on a particular resource.
- FICAM Architecture Playbook: Access Management – Learn how to manage users’ access to physical and logical resources in a secure, compliant, and accountable manner.
- NIST Cybersecurity – NIST’s main cybersecurity website, with links to all of their sites and resources.
- NIST Computer Security Resource Center – NIST standards, guidelines, recommendations and research on computer/cyber/information security and privacy
- NIST Identity Management Systems Program
Laws, Regulations, and Policies
As with all Federal Government programs—laws, regulations, and policies drive the development and management of federal systems and define the information security controls related to Identity and Access.
Page Reviewed/Updated: October 24, 2017