GSA ICAM Solutions and Shared Services Roadmap
This section contains information on the GSA ICAM Solutions Catalog and GSA ICAM Solutions and Shared Services Roadmap in response to OMB Memorandum 19-17. This roadmap is maintained by the GSA Federal Acquisition Service in collaboration with the ICAM Subcommittee.
- GSA Solutions and Shared Services Roadmap - A roadmap for providing or updating GSA Multiple Award Schedule solutions and shared services that allow agencies to achieve the outcomes in OMB ICAM policy and NIST standards and guidelines.
- GSA Solutions Catalog - A consolidated catalog of existing GSA Multiple Award Schedule ICAM solutions and shared services.
GSA ICAM Solutions and Shared Services Roadmap
This document provides a response to the Office of Management and Budget (OMB) memorandum M-19-17, “Enabling Mission Delivery through Improved Identity, Credential, and Access Management.” The memorandum outlines the federal government’s Identity, Credential, and Access Management (ICAM) policy and establishes government-wide responsibilities that include the General Services Administration (GSA). GSA is specifically tasked with developing and maintaining “a roadmap for providing or updating GSA solutions and shared services that allow agencies to achieve the outcomes in OMB ICAM policy and NIST standards and guidelines.” GSA analyzed the current state of ICAM solutions and shared services and developed activities to address identified gaps based on the ICAM Services Framework. The roadmap aligns actions to the following three phases:
- Foundation focuses on modifications to the existing services catalog to address critical gaps.
- Federation focuses on enhancing federation capabilities for government-to-government, government-to-constituent, and government-to-mission partner interactions.
- Emerging Trends focuses on recognizing and preparing for emerging trends and expanding support.
The roadmap also identifies five areas that align with GSA’s vision:
- Guidance provided to agencies for best-in-class ICAM implementation.
- Coordination with organizations to ensure that solutions support ICAM policy, minimize duplication of effort, and verify that agency needs are being met.
- Acquisition Support to maintain and update contract vehicles to support agency ICAM needs.
- Shared Services provided so that agencies don’t duplicate efforts.
- Third-Party Validation for vendors offering ICAM related services.
The following table provides a summary of the roadmap activities. This roadmap is considered a living document; this first iteration is designed to gain leadership support and endorsement. Foundation activities are targeted for completion in the next one to two years. Federation activities are targeted for three to four years. Emerging trends activities are likely to require more than four years to complete, as they may depend on earlier phase activities or require further definition before they can begin.
|FY21-23 Phase One
|FY23-25 Phase Two
|FY25 & Beyond Phase Three
GSA ICAM Solutions Catalog
On May 21, 2019, the Office of Management and Budget (OMB) released a new Identity, Credential, and Access Management (ICAM) policy (M-19-17). This memo mandated that GSA publish “a consolidated catalog of existing ICAM solutions and shared services.” The attached catalog includes several special item numbers (SINs) within the Multiple Award Schedules (MAS). Please note that MAS has recently gone through a consolidation; therefore, new SIN designations have been included.
Most MAS ICAM solutions can be purchased on GSA eBuy, an online Request for Quotation (RFQ) tool designed to facilitate the request for submission of quotations for a wide range of products and services. Non-MAS solutions, shared services, have also been included such as login.gov and Max.gov. For convenience and clarity, the corresponding practice area and services provided by the ICAM Services Framework are identified for each solution. The ICAM Services Framework helps agencies translate between requirements and technical solutions. Agencies can leverage these solutions now to begin meeting the requirements of the OMB ICAM policy.
|FICAM Services Framework Practice Area(s)
|Where to Purchase
|Homeland Security Information Network (HSIN) Identity Proofing Service
|HSIN is a user-driven, web-based, information-sharing platform that connects all homeland security mission partners within a wide spectrum of homeland security mission areas. HSIN is an Identity Provider within the National Information Exchange Federation (NIEF), a collection of U.S. agencies that have come together to share sensitive law enforcement information.
|How to Join HSIN
|Offers the public secure and private online access to participating government programs. With one login.gov account, users can sign into multiple government agencies.
|Authentication as a Service (AaaS) Automatic registration for federal users by email domain. HSPD-12-PIV /DoD CAC cards and SMS 2-factor authentication for sensitive activities. Enterprise Federated Partner Automated Login (i.e., single sign-on) with agencies.
|The GSA HSPD-12 Managed Service Office (MSO) established the USAccess program as an efficient way for federal agencies to issue common, HSPD-12-approved credentials to their employees and contractors.
|SIN 517312: Wireless Mobility Solutions
|Includes a variety of services that address the mobility needs of government agencies. Subcategory #9 – Mobile Identity Management (MIM) is the secure integration of the attributes that unerringly identify a person in the physical and online environments, within the mobile device. MIM is a set of complementary products and solutions that issue and maintain certificates, which may include Derived PIV Credential (DPC) usage. A valid PIV card is required to issue a DPC.
Other mobility offerings on this SIN
|Acquisition Gateway RFQ Generator
|SIN 541519CDM: Continuous Diagnostics and Mitigation (CDM) Tools
|Includes DHS approved hardware and software products. The full complement of CDM Tools SIN products and services includes tools, associated maintenance, and other related activities such as training.
|ICAM tools on CDM Approved Products List (APL) maintained and updated monthly by the Department of Homeland Security (DHS)
|CDM Tools SIN Information for Ordering Organizations
|SIN 541519ICAM: Identity, Credential, and Access Management (ICAM)
|Managed service offerings for electronic credentials, identity and access management, authentication, and identity and access management professional services.
|SIN 541519PKI: Public Key Infrastructure (PKI) Shared Service Providers (SSP) Program
|This program provides PKI services and digital certificates for use by federal employees and contractors to the federal government.
|Current PKI Shared Service Providers
|SIN 541519IPIV: Homeland Security Presidential Directive-12 Product and Service Components
|PIV products and PIV services to implement the requirements of HSPD-12, FIPS-201, and associated NIST special publications. Implementation components specified under this SIN are:
|PKI Shared Service Provider for PIV and additional products support
|SIN 334290L: Physical Access Control System (PACS)
|Includes PACS, such as card-controlled access, biometrics, security barriers, etc.
|SIN 541330SEC: Security System Integration, Design, Management, and Life Cycle Support
|Includes services related to PACS design, integration, implementation, and installation/testing. Offerors under this SIN have at least one employee who is CSEIP (Certified System Engineer ICAM PACS) certified and such certification can be verified at IDmanagment.gov.
|PACS integration (installation and configuration)
GSA eBuy Ordering Instructions For Agencies
Buyers are required to register on GSA Advantage. Buyers can use the same User ID and Password on GSA eBuy and GSA Advantage. Vendor listings change regularly and are available in eBuy. Below are modified steps to access the GSA eBuy Buyer website:
- Go to http://www.ebuy.gsa.gov.
- At the top of the page, the buyer will see “Sign in as a …. Buyer.” Click Buyer to display the Sign In.
- Enter the buyer’s official email address and password and click Sign In.
- The buyer will be prompted to request and enter a verification code. GSA Advantage will send the buyer an email with the single-use verification code.
- Enter the verification code from the email (please note that the buyer’s verification code is only valid for 10 minutes). Then do the following:
- Search – Find the solution to post your requirements. A search can be conducted using the SIN designations from this catalog or by using keywords.
- Select – Select vendors to notify. At least three vendors can be selected.
- Prepare – A buyer can begin a new RFQ/RFI at any point in eBuy. Provide the necessary information about requirements for vendors to submit a quote.
- Submit – Review and submit the RFQ/RFI.