Build and Implement Federal Identity Management Systems

Build Identity, Credential, and Access Management Systems

This page contains guidance for teams to design and build functional and secure systems that comply with Federal Identity, Credential, and Access Management (FICAM) related policies, technologies, and implementation patterns.


The Federal CIO Council and subcommittees developed the FICAM Roadmap and Implementation Guidance for implementing Federal ICAM. This guidance contains program-level processes, procedures, and considerations for planning and managing logical access, physical access, identity management, and federation within the agencies.


Technology, policy, and security practices rapidly evolve and the government must keep up with the evolution.  To modernize the original FICAM Roadmap and Implementation Guidance, we’re migrating the information to Playbooks, which are hosted on GitHub. These Playbooks provide common patterns to help you properly implement and execute ICAM at your agency.

A lot of content has been developed over the years by the agencies, and we encourage you to contribute!

  • FICAM Architecture Playbook – Learn about FICAM, understand the FICAM Enterprise Architecture, and contribute to its development.
  • PIV Usage Guides Playbook – Learn how to implement common Personal Identity Verification (PIV) configurations for logical access.
  • Federal PKI Guides Playbook – Learn more about the Federal Public Key Infrastructure and contribute to the development of the guides.

Identity Management

Identity Management is the set of practices that allow an organization to establish, maintain, and terminate identities.

Credential Management

Credential Management is the set of practices that an organization uses to issue, track, update, and revoke credentials for identities within their context.

Access Management

Access Management is the set of practices that enables only those who are permitted to perform an action on a particular resource.

Additional Guidance

Laws, Regulations, and Policies

As with all Federal Government programs—laws, regulations, and policies drive the development and management of federal systems and define the information security controls related to Identity and Access.

Page Reviewed/Updated: October 24, 2017