Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal Government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a Federal Government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

FICAM Governance

An organization chart of the FICAM Governance Bodies and Working Groups

Identity, Credential, and Access Management Subcommittee

The Identity, Credential, and Access Management (ICAMSC) is the principal interagency forum for identity management, secure access, authentication, authorization, credentials, privileges, and access lifecycle management. It’s a sub-committee of the Federal CIO Council’s Chief Information Security Officer (CISO) Council.

The ICAMSC is co-chaired by the GSA Office of Government-wide Policy and another volunteer agency (currently the Department of Justice). The ICAMSC aligns the identity management activities of the Federal Government, and supports collaborative government-wide efforts to:

  • Increase agency flexibility in addressing ICAM challenges;
  • Coordinate interagency efforts to meet agency mission needs;
  • Identify gaps in policies, procedures, standards, guidance, and services; and
  • Align ICAM policies and compliance with other cybersecurity initiatives.

Activities

  • Address Agency Challenges: provides opportunities for agencies to troubleshoot issues and challenges associated with the planning, implementation, and operations of ICAM programs and solutions.
  • Develop Policy Recommendations: recommends new ICAM policies and updates existing ones.
  • Provide Flexible Tools for ICAM Programs: develops specific tools to assist agencies abilities to meet ICAM policy objectives and overcome ICAM implementation challenges.
  • Facilitate Communications and Information Sharing: acts as a vehicle for cross-government collaboration by sharing information, lessons learned, and best practices related to ICAM.

Membership and Meetings

Membership is open to federal agency employees only with a .gov or .mil email address. Contractors are permitted to join on a case-by-case basis.

To join, email ICAM at gsa.gov with “Request access to ICAMSC collaboration site“ in the subject line. See the ICAMSC Meeting Page on Max.gov for more information.

ICAMSC Working Groups

The ICAMSC charters working groups based on a defined-purpose and timeline. See the complete list of active and inactive working groups at the ICAMSC Max.gov page. Send an email to icam at gsa.gov for more information and join a working group.

Working Group Name Purpose Activities Membership Requirements Meeting Schedule
Physical Access Control Systems Modernization (PACSMod) Facilitate the implementation and use of the technology and processes related to modernizing electronic-PACS (ePACS) within the Federal Government (USG). Develop a PACS Assessment Toolkit, a self-assessment that agencies can utilize for FICAM compliance of PACS implementations by September 30th, 2021. Federal employees and designated contractors operating a PACS. Monthly
Cloud Identity Working Group Facilitate the OMB cloud smart initiative within the Federal Government (USG) and ensuring secure and efficient identity management operations. Create guidance to help agencies integrate and operate identity architecture components hosted in a public cloud environment by September 30th, 2021. Federal employees and designated contractors Monthly

Other ICAM Working Groups

Other ICAM working groups may be charted under other committess or subcommittees of the Federal CIO Council.

Working Group Name Purpose Activities Membership Requirements Meeting Schedule
Derived-PIV Working Group Accelerate the implementation of mobile identity management across the Federal Government. Document and share PKI and non-PKI uses cases to increase the available technical and information resources. Provide a feedback look to inform policy and standard. Federal employees and designated contractors Monthy

Federal Public Key Infrastructure Policy Authority

The Federal Public Key Infrastructure Policy Authority (FPKIPA) serves the interest of U.S. Federal Government organizations as relying parties and promotes interoperability between federal and non-federal entities by:

  • Setting policy governing the Federal Public Key Infrastructure (FPKI) Trust Infrastructure;
  • Approving applicants for cross certification with the Federal Bridge Certification Authority (FBCA); and
  • Providing oversight to the Certified PKI Shared Service Provider (SSP) Program.

It is co-chaired by the GSA Office of Government-wide Policy. The GSA Office of the Chief Information Officer (OCIO) is responsible for security authorizations and continuous monitoring for commercially-operated PKI shared service providers.

Activities

  • Approve Policies and Practices – Approve Federal Bridge Certification Authority (FBCA) and Federal Common Policy Certification Authority Certificate Policies (CPs), including revisions; approve FPKI Trust Infrastructure Certification Practice Statements.
  • Approve Entity Cross-Certification – Establish and administer criteria and methodology for cross-certification with the FBCA; approve cross-certifications and execute Memoranda of - Agreement (MOAs); maintain the FPKI Certification Applicant Requirements and the Common Policy CPS Evaluation Matrix.
  • Maintain Compliance – Ensure cross-certified entities are compatible with the FBCA Certificate Policy (CP) (or the Federal Common Policy Certification Authority (FCPCA) CP for Federal Legacy CAs).
  • Agreement with FPKI Management Authority – Oversee the FPKI Management Authority (FPKIMA) to issue and revoke cross-certificates, ensure adherence to the FPKI CPs, and provide documentation to be archived.
  • Interoperability Practices – Coordinate legal, policy, technical, and business practices and issues related to FPKI Trust Infrastructure.

Membership and Meetings

Members are appointed by each federal agency’s CIO, and the group operates under the authority of the Federal CIO Council through the Information Security and Identity Management Committee (ISIMC) and the Identity, Credential, and Access Management Subcommittee (ICAMSC). See the FPKIPA Charter (PDF, August 2021) for information on membership requirements, voting rights, etc.

The FPKIPA meets in the morning on the second Tuesday of each month. Contact fpki at gsa.gov to participate in the FPKIPA or its working groups.

Federal Public Key Infrastructure Management Authority

The Federal Public Key Infrastructure Management Authority (FPKIMA) enables government-wide trust by providing trust infrastructure services to federal agencies. The FPKIMA is governed under the FPKI Policy Authority (FPKIPA) and managed by the GSA Federal Acquisition Service.

Activities

  • Manage digital certificate policies and standards to ensure secure physical and logical access, document sharing, and communications across federal agencies and between external business partners.
  • Operate the FPKI Trust Infrastructure, which consists of two main certification authorities (CA):
    • Federal Common Policy CA (FCPCA) is the trust anchor for the Federal Government. Authorized CAs issue certificates for exclusive use by the Federal Government for federal employees and contractors, to include the PKI certificates on the Personal Identity Verification (PIV) credential.
    • Federal Bridge CA (FBCA) is the PKI Bridge that enables interoperability between and among federally operated and business partner PKIs.

FPKIMA Newsletter

If your agency is experiencing issues related to the FBCA or FCPCA, contact fpki-help at gsa.gov

Federal Public Key Infrastructure Working Groups

The FPKIPA charters three, ongoing working groups and potentially other short-term working groups and tiger teams.

If you meet the membership criteria and wish to join a working group, email fpki at gsa.gov and include the text “Request to Join xx” where “xx” is the name of the working group.

Working Group Name Purpose Activities Membership Requirements Meeting Schedule
Certificate Policy (CPWG) The Federal Bridge and Common policies advisory group. Facilitate proposed Certificate Policy changes, facilitate the FPKI cross-certification process, and address and resolve issues through policy analysis and modification. Federal employees, designated contractors, and PKI providers involved in the FPKI. As needed.
Shared Service Provider (SSPWG) The Shared Service Provider program advisory group. Identify policy changes that impact the Shared Services Program, address and resolve issues through policy analysis and modification. Only FPKI Shared Service Provider representatives. As needed.
Technical (TWG) Investigate and resolve complex FPKI technical issues. Identify and scope technical FPKI issues, address security concerns and vulnerabilities, and identify technical improvements to enhance the security and operational capabilities. Federal employees, designated contractors, and PKI vendors. As needed.