Governance and Compliance
The Federal ICAM (FICAM) program helps federal agencies plan and manage enterprise identity, credentialing, and access management (ICAM) through collaboration opportunities and guidance on IT policy, standards, implementation, and architecture. Most of the guidance and best practices found on this website are developed through interagency working groups.
ICAM Program Management Guide
The ICAM Program Management Guide explains how to plan and implement an Identity, Credential, and Access Management (ICAM) Program, as outlined in the Federal Identity, Credential, and Access Management (FICAM) Architecture. In this guide, you’ll find content for ICAM program managers who need agency-level planning guides to drive adoption of ICAM services within their organizations as well as information on how to govern the program, identify and communicate with stakeholders, manage risk, and other related topics.
This guide answers the most common ICAM program organization and management questions, including:
- How can I establish governance to ensure ICAM alignment at the agency level?
- Who are my key ICAM stakeholders?
- What best practices support ICAM implementation?
The guide is organized by sections, each of which describes an essential feature of ICAM program management, including recommendations and lessons learned from agencies who have implemented ICAM programs.
The FICAM Roadmap, developed by the Federal CIO Council, contains processes, procedures, and considerations for planning and managing logical access, physical access, identity management, and federation within federal agencies. But the Roadmap was last updated in 2011, and as technology, policy, and security practices rapidly evolve, the government must also evolve. To modernize the original FICAM Roadmap, we’ve begun migrating this information to playbooks.
These playbooks are hosted on Github and provide common policy and patterns to help you implement and execute ICAM at your agency. The playbooks are a government-wide collaboration based on the needs and interests of individual agencies and government-wide groups. Reach out to icam at gsa.gov to suggest new topics.
- National Initiative for Cybersecurity Education (NICE) – A partnership between government, academia, and the private sector focused on cybersecurity education, training, and workforce development. NICE is led by the National Institute of Standards and Technology (NIST).
- Secure Technology Alliance (STA) Education and Certification Programs – The STA offers educational and certification programs.
- National Cybersecurity Center of Excellence (NCCoE) – Works with experts from industry, government, and academia to address businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies.
- NIST Identity & Access Management – Through the NIST Identity and Access Management Resource Center, we seek to share our efforts that strengthen the security, privacy, usability, and interoperability of solutions that meet an organization’s identity and access management needs throughout the system lifecycle.