Build Identity, Credential and Access Management Systems

Build Identity, Credential, and Access Management Systems

Guidance for teams to design and build functional and secure systems that comply with Federal Identity, Credential, and Access Management (FICAM) policies, technologies, and implementation patterns.

Roadmap

The Federal CIO Council and subcommittees developed the FICAM Roadmap and Implementation Guidance for implementing Federal ICAM. Learn about program-level processes, procedures, and considerations for planning and managing logical access, physical access, identity management, and federation within Federal agencies.

Playbooks

Technology, policy, and security practices rapidly evolve and the government must keep up with the evolution. To modernize the original FICAM Roadmap and Implementation Guidance, we’re migrating the information to Playbooks, which are hosted on Github. These Playbooks provide common patterns to help you properly implement and execute ICAM at your agency.

  • FICAM Architecture Playbook – Learn about FICAM, understand the FICAM Enterprise Architecture, and contribute to its development.
  • PIV Usage Guides Playbook – Learn how to implement common Personal Identity Verification (PIV) configurations for logical access.
  • Federal PKI Guides Playbook – Learn more about the Federal Public Key Infrastructure and contribute to the development of the guides.

A lot of content has been developed over the years by the agencies, and we encourage you to contribute! This video will show you how to contribute to the FICAM Playbooks.

Identity Management

Identity Management is the set of practices that allow an organization to establish, maintain and terminate identities.

Credential Management

Credential Management is the set of practices that an organization uses to issue, track, update and revoke credentials for identities within their context.

Access Management

Access Management is the set of practices that enables only those permitted  to perform an action on a particular resource.

Additional Guidance

Laws, Regulations, and Policies

As with all Federal Government programs – laws, regulations, and policies drive the development and management of federal systems and define the information security controls related to Identity and Access.

Page Reviewed/Updated: April 2018