Build and Implement Federal Identity Management Systems

Build Identity, Credential, and Access Management Systems

This page contains guidance for teams to design and build functional and secure systems that comply with Federal Identity, Credential, and Access Management (FICAM) related policies, technologies, and implementation patterns.

Roadmap

The Federal CIO Council and sub-committees developed the FICAM Roadmap and Implementation guidance for implementing Federal ICAM.  The guidance contains program level processes, procedures and considerations for planning and managing logical access, physical access, identity management, and federation within the agencies.

Playbooks

Technology, policy and security practices rapidly evolve and the government must keep up with the evolution.  To modernize the original FICAM Roadmap and Implementation Guidance, we’re migrating the information to playbooks which are hosted on GitHub. These playbooks  provide common  patterns to help you properly implement and execute ICAM at your agency.

We have a lot of content developed over the years by agencies and encourage you to contribute!

  • FICAM Architecture Playbook – Learn about FICAM, understand the FICAM Enterprise Architecture and contribute to its development.
  • PIV Usage Guides Playbook – Learn how to implement common Personal Identity Verification (PIV) configurations for logical access.
  • Federal PKI Guides Playbook – Learn more about the Federal Public Key Infrastructure and contribute to the development of the guides.

Identity Management

Identity Management is the set of practices that allow an organization to establish, maintain and terminate identities.

Credential Management

Credential Management is the set of practices that an organization uses to issue, track, update and revoke credentials for identities within their context.

Access Management

Access Management is the set of practices that enables only those permitted the ability to perform an action on a particular resource.

Additional Guidance

Laws, Regulations and Policies

As with all all government programs, laws, regulations, and policies to drive the development and management of Federal systems and define the Information Security controls related to Identity and Access.

Page Reviewed/Updated: May 12, 2017