GSA ICAM Solutions and Shared Services
This page contains information on the GSA ICAM Solutions Catalog and GSA ICAM Solutions and Shared Services Roadmap in response to OMB Memo 19-17.
- GSA Solutions and Shared Services Roadmap - A roadmap for providing or updating GSA Multiple Award Schedule solutions and shared services that allow agencies to achieve the outcomes in OMB ICAM policy and NIST standards and guidelines.
- GSA Solutions Catalog - A a consolidated catalog of existing GSA Multiple Award Schedule ICAM solutions and shared services.
GSA ICAM Solutions and Shared Services Roadmap
This document provides a response to the Office of Management and Budget (OMB) memorandum M-19-17, “Enabling Mission Delivery through Improved Identity, Credential, and Access Management.” The memorandum outlines the federal government’s Identity, Credential, and Access Management (ICAM) policy and establishes Government-wide responsibilities that include the General Services Administration (GSA). GSA is specifically tasked with developing and maintaining “a roadmap for providing or updating GSA solutions and shared services that allow agencies to achieve the outcomes in OMB ICAM policy and NIST standards and guidelines.” GSA analyzed the current state of ICAM solutions and shared services, and developed activities to address identified gaps based on the ICAM Services Framework. The roadmap aligns actions to the following three phases:
- Foundation focuses on modifications to the existing services catalog to address critical gaps.
- Federation focuses on enhancing federation capabilities for government to government, government to constituent, and government to mission partner interactions.
- Emerging Trends focuses on recognizing and preparing for emerging trends and expanding support.
The roadmap also identifies five areas that align with GSA’s vision:
- Guidance provided to agencies for best in class ICAM implementation.
- Coordination with organizations to ensure that solutions support ICAM policy, minimize duplication of effort, and verify that agency needs are being met.
- Acquisition Support to maintain and update contract vehicles to support agency ICAM needs.
- Shared Services provided rather than each agency duplicating efforts.
- Third-Party Validation for vendors offering ICAM related services.
The following table provides a summary of the roadmap activities. This roadmap is considered a living document; this first iteration is designed to gain leadership support and endorsement. Foundation activities are targeted for completion in the next one to two years. Federation activities are targeted for three to four years. Emerging trend activities are likely to require more than four years to complete, as they may depend on earlier phase activities or require further definition before they can begin.
|Focus Area||FY21-23 Phase One
|FY23-25 Phase Two
|FY25 & Beyond Phase Three
GSA ICAM Solutions Catalog
On May 21, 2019, the Office of Management and Budget (OMB) released a new Identity, Credential and Access Management (ICAM) policy (M-19-17). This memo mandated that GSA publish “a consolidated catalog of existing ICAM solutions and shared services.” The attached catalog includes several special item numbers (SINs) within the Multiple Award Schedules (MAS). Please note that MAS has recently gone through a consolidation, therefore, new SIN designations have been included.
Most MAS ICAM solutions can be purchased on GSA eBuy, an online Request for Quotation (RFQ) tool designed to facilitate the request for submission of quotations for a wide range of products and services. Non-MAS solutions, shared services, have also been included such as login.gov and max.gov. For convenience and clarity, the corresponding practice area and services provided by the ICAM Services Framework are identified for each solution. The ICAM Services Framework is designed to help agencies translate between requirements and technical solutions. Agencies can leverage these solutions now to begin meeting the requirements of the OMB ICAM policy.
|FICAM Services Framework Practice Area(s)||Name||Description||Offering||Where to Purchase|
|Identity Management||Homeland Security Information Network (HSIN) Identity Proofing Service||HSIN is a user-driven, web-based, information-sharing platform that connects all homeland security mission partners within a wide spectrum of homeland security mission areas. HSIN is an Identity Provider within the National Information Exchange Federation (NIEF),a collection of agencies in the U.S. that have come together to share sensitive law enforcement information.||Identity Proofing||How to Join HSIN|
|Login.gov||Offers the public secure and private online access to participating government programs. With one login.gov account, users can sign in to multiple government agencies.||Account Linking
|MAX Authentication||Authentication as a Service (AaaS) Automatic registration for federal users by email domain. HSPD – 12 PIV /DoD CAC cards and SMS 2-factor for sensitive activities. Enterprise Federated Partner Automated Login (i.e. single sign-on) with agencies.||Authentication Services
|Credential Management||USAccess||The GSA HSPD-12 Managed Service Office (MSO) established the USAccess program as an efficient way for Federal agencies to issue common HSPD-12 approved credentials to their employees and contractors.||PIV card||fedidcard.gov|
|Credential Management||SIN 517312: Wireless Mobility Solutions||Includes a variety of services that address the mobility needs of government agencies to include: Subcategory #9 – Mobile Identity Management (MIM) is the secure integration of the attributes that unerringly identify a person in the physical and online environments, within the mobile device. MIM is a set of complementary products and solutions that issue and maintain certificates, which may include Derived PIV Credential (DPC) usage. A valid PIV card is required to issue a DPC.||Digital Certifcates
Other mobility offerings on this SIN
|Acquisition Gateway RFQ Generator|
|Access Management||SIN 541519CDM: Continuous Diagnostics and Mitigation (CDM) Tools||Includes Department of Homeland Security (DHS) approved hardware and software products. The full complement of CDM Tools SIN products and services includes tools, associated maintenance, and other related activities such as training.||ICAM tools on CDM Approved Products List (APL) maintained and updated monthly by DHS||CDM Tools SIN Information for Ordering Organizations|
|SIN 541519ICAM: Identity, Credentialing and Access Management (ICAM)||Managed service offerings for electronic credentials, identity and access management, authentication, and identity and access management professional services.||Digital credentials
|Credential Management||SIN 541519PKI: Public Key Infrastructure (PKI) Shared Service Providers (SSP) Program||This program provides PKI services and digital certificates for use by Federal employees and contractors to the Federal Government.||Current PKI Shared Service Providers||GSA eBuy|
|Credential Management||SIN 541519IPIV: Homeland Security Presidential Directive 12 Product and Service Components||PIV products and PIV services to implement the requirements of HSPD-12, FIPS-201 and associated NIST special publications. Implementation components specified under this SIN are:
||PKI Shared Service Provider for PIV and additional products support||GSA eBuy|
|Access Management||SIN 334290L: Physical Access Control Systems (PACS)||Includes physical access control systems (PACS), such as card-controlled access, biometrics, security barriers, etc.||Physical Access Control Systems (PACS) components||GSA eBuy|
|Access Management||SIN 541330SEC: Security System Integration, Design, Management, and Life Cycle Support||Includes services related to PACS design, integration, and implementation, and installation/testing. Offerors under this SIN have at least one employee who is CSEIP (Certified System Engineer ICAM PACS) certified and such certification can be verified at IDmanagment.gov.||Physical Access Control Systems (PACS) integration (installation and configuration)||GSA eBuy|
GSA eBuy Ordering Instructions For Agencies
Buyers are required to register on GSA Advantage. Buyers can use the same User ID and Password on GSA eBuy and GSA Advantage. Vendor listing change regularly and are available in eBuy. Below are modified steps to access the GSA eBuy Buyer website:
- Go to http://www.ebuy.gsa.gov.
- At the top of this page the buyer will see “Sign in as a …. Buyer”, click Buyer to display the Sign In.
- Enter the buyer’s official email address and Password in the boxes provided and click Sign in.
- The buyer will be prompted to request and enter the verification code. GSA Advantage will send the buyer an email with the single-use verification code.
- Enter the verification code from the email. Please note that the buyer’s verification code is only valid for 10 minutes.
- Search – find the solution to post your requirements. A search can be conducted using the SIN designations from this catalog or by using keywords.
- Select – select vendors to notify. At least three vendors can be selected.
- Prepare – beginning a new RFQ/RFI can be started at any point in eBuy. Provide the necessary information about requirements for vendors to submit a quote.
- Submit – review and submit RFQ/RFI.