Build Identity, Credential, and Access Management Systems
This page contains guidance for teams to design and build functional and secure systems that comply with Federal Identity, Credential, and Access Management (FICAM) related policies, technologies, and implementation patterns.
The Federal CIO Council and sub-committees developed the FICAM Roadmap and Implementation guidance for implementing Federal ICAM. The guidance contains program level processes, procedures and considerations for planning and managing logical access, physical access, identity management, and federation within the agencies.
- FICAM Roadmap and Implementation Guidance (PDF, December 2011) – This is the authoritative roadmap for the target state of FICAM and contains guidance on architecture/design and implementation.
Technology, policy and security practices rapidly evolve and the government must keep up with the evolution. To modernize the original FICAM Roadmap and Implementation Guidance, we’re migrating the information to playbooks which are hosted on GitHub. These playbooks provide common patterns to help you properly implement and execute ICAM at your agency.
We have a lot of content developed over the years by agencies and encourage you to contribute!
- FICAM Architecture Playbook – Learn about FICAM, understand the FICAM Enterprise Architecture and contribute to its development.
- PIV Usage Guides Playbook – Learn how to implement common Personal Identity Verification (PIV) configurations for logical access.
- Federal PKI Guides Playbook – Learn more about the Federal Public Key Infrastructure and contribute to the development of the guides.
Identity Management is the set of practices that allow an organization to establish, maintain and terminate identities.
Credential Management is the set of practices that an organization uses to issue, track, update and revoke credentials for identities within their context.
- FICAM Architecture Playbook: Credential Management Learn how credentials work, how to leverage them in your environment, and how to manage and maintain them throughout their lifecycle.
Access Management is the set of practices that enables only those permitted the ability to perform an action on a particular resource.
- FICAM Architecture Playbook: Access Management Learn how to manage users’ access to physical and logical resources in a secure, compliant, and accountable manner.
- NIST Cybersecurity – NIST’s main cybersecurity website, with links to all of their sites and resources.
- NIST Computer Security Resource Center – NIST standards, guidelines, recommendations and research on computer/cyber/information security and privacy
- NIST Identity Management Systems Program
Laws, Regulations and Policies
As with all all government programs, laws, regulations, and policies to drive the development and management of Federal systems and define the Information Security controls related to Identity and Access.
Page Reviewed/Updated: May 12, 2017