GSA ICAM Solutions and Shared Services Roadmap

This section contains information on the GSA ICAM Solutions Catalog and GSA ICAM Solutions and Shared Services Roadmap in response to OMB Memorandum 19-17. This roadmap is maintained by the GSA Federal Acquisition Service in collaboration with the ICAM Subcommittee.

  • GSA Solutions and Shared Services Roadmap - A roadmap for providing or updating GSA Multiple Award Schedule solutions and shared services that allow agencies to achieve the outcomes in OMB ICAM policy and NIST standards and guidelines.
  • GSA Solutions Catalog - A consolidated catalog of existing GSA Multiple Award Schedule ICAM solutions and shared services.

GSA ICAM Solutions and Shared Services Roadmap

This document provides a response to the Office of Management and Budget (OMB) memorandum M-19-17, “Enabling Mission Delivery through Improved Identity, Credential, and Access Management.” The memorandum outlines the federal government’s Identity, Credential, and Access Management (ICAM) policy and establishes government-wide responsibilities that include the General Services Administration (GSA). GSA is specifically tasked with developing and maintaining “a roadmap for providing or updating GSA solutions and shared services that allow agencies to achieve the outcomes in OMB ICAM policy and NIST standards and guidelines.” GSA analyzed the current state of ICAM solutions and shared services and developed activities to address identified gaps based on the ICAM Services Framework. The roadmap aligns actions to the following three phases:

  1. Foundation focuses on modifications to the existing services catalog to address critical gaps.
  2. Federation focuses on enhancing federation capabilities for government-to-government, government-to-constituent, and government-to-mission partner interactions.
  3. Emerging Trends focuses on recognizing and preparing for emerging trends and expanding support.

The roadmap also identifies five areas that align with GSA’s vision:

  1. Guidance provided to agencies for best-in-class ICAM implementation.
  2. Coordination with organizations to ensure that solutions support ICAM policy, minimize duplication of effort, and verify that agency needs are being met.
  3. Acquisition Support to maintain and update contract vehicles to support agency ICAM needs.
  4. Shared Services provided so that agencies don’t duplicate efforts.
  5. Third-Party Validation for vendors offering ICAM related services.

The following table provides a summary of the roadmap activities. This roadmap is considered a living document; this first iteration is designed to gain leadership support and endorsement. Foundation activities are targeted for completion in the next one to two years. Federation activities are targeted for three to four years. Emerging trends activities are likely to require more than four years to complete, as they may depend on earlier phase activities or require further definition before they can begin.

Focus Area: Guidance

  FY21-23, Phase One (Foundation):
    1. Update the FICAM Architecture and FICAM Services Framework.
    2. Refresh the FICAM Roadmap.
    3. Provide guidance for agency OLT CA.
  FY23-25, Phase Two (Federation):
    1. Establish a capability to create and share best practices.
    2. Maintain the FICAM Architecture and FICAM Services Framework.
  FY25 & Beyond, Phase Three (Emerging Trends):
    1. Maintain the FICAM Roadmap.

Focus Area: Coordination

  FY21-23, Phase One (Foundation):
    1. Identify existing contracting vehicles.
    2. Identify policy gaps for use of mission partner credentials.
    3. Establish collaboration mechanisms.
    4. Identify and resource projects for implementing the FICAM Architecture.
  FY23-25, Phase Two (Federation):
    1. Address policy gaps for use of mission partner credentials.
    2. Prioritize deliverables for the best practices group.
    3. Maintain collaboration mechanisms.
    4. Update this roadmap to better support agency needs.
  FY25 & Beyond, Phase Three (Emerging Trends):
    1. Identify emerging technologies that impact the FICAM Services Framework.
    2. Identify contracting vehicles, shared services, and vendor validations needed to support emerging technologies.

Focus Area: Acquisition Support

  FY21-23, Phase One (Foundation):
    1. Implement FICAM Services Framework profile under ICAM SIN.
    2. Develop playbook for contract officers and contract specialists.
    3. Develop playbook for agency ICAM buyers.
  FY23-25, Phase Two (Federation):
    1. Develop SIN for best-in-class ICAM services, ICAM tools, and ICAM SaaS cloud solutions.
  FY25 & Beyond, Phase Three (Emerging Trends):
    1. Update contracting vehicles to support emerging technologies.

Focus Area: Shared Service

  FY21-23, Phase One (Foundation):
    1. Modernize the FPKI trust infrastructure.
    2. Improve USAccess.
    3. Enhance Login.gov.
    4. Provide publicly trusted web server certificates.
  FY23-25, Phase Two (Federation):
    1. Implement service to provide suitability status.
    2. Implement organizational signature service.
    3. Provide support for validating mission partner credentials.
    4. Implement an Identity Provider (IdP) authentication service.
  FY25 & Beyond, Phase Three (Emerging Trends):
    1. Implement cloud services to support non-person entity (NPE).
    2. Evaluate demand and feasibility for implementation of an attribute mapping service.

Focus Area: Third-Party Validation

  FY21-23, Phase One (Foundation):
    1. Establish criteria for validating third-party ICAM services.
  FY23-25, Phase Two (Federation):
    1. Design and implement validation process for third-party providers.
  FY25 & Beyond, Phase Three (Emerging Trends):
    1. Begin validating third-party providers.

GSA ICAM Solutions Catalog

On May 21, 2019, the Office of Management and Budget (OMB) released a new Identity, Credential, and Access Management (ICAM) policy (M-19-17). This memo mandated that GSA publish “a consolidated catalog of existing ICAM solutions and shared services.” The attached catalog includes several special item numbers (SINs) within the Multiple Award Schedules (MAS). Please note that MAS has recently gone through a consolidation; therefore, new SIN designations have been included.

Most MAS ICAM solutions can be purchased on GSA eBuy, an online Request for Quotation (RFQ) tool designed to facilitate the request for submission of quotations for a wide range of products and services. Non-MAS solutions and shared services have also been included, such as login.gov and Max.gov. For convenience and clarity, the corresponding practice area and services provided by the ICAM Services Framework are identified for each solution. The ICAM Services Framework helps agencies translate between requirements and technical solutions. Agencies can leverage these solutions now to begin meeting the requirements of the OMB ICAM policy.

Each catalog entry lists the solution name, followed by its FICAM Services Framework practice area(s), description, offering, and where to purchase.

Homeland Security Information Network (HSIN) Identity Proofing Service
  • FICAM Services Framework Practice Area(s): Identity Management
  • Description: HSIN is a user-driven, web-based, information-sharing platform that connects all homeland security mission partners within a wide spectrum of homeland security mission areas. HSIN is an Identity Provider within the National Information Exchange Federation (NIEF), a collection of U.S. agencies that have come together to share sensitive law enforcement information.
  • Offering: Identity Proofing
  • Where to Purchase: How to Join HSIN

Login.gov
  • FICAM Services Framework Practice Area(s): Identity Management; Access Management; Federation
  • Description: Offers the public secure and private online access to participating government programs. With one login.gov account, users can sign into multiple government agencies.
  • Offering: Account Linking; Authentication
  • Where to Purchase: login.gov

MAX Authentication
  • FICAM Services Framework Practice Area(s): Access Management; Federation
  • Description: Authentication as a Service (AaaS). Automatic registration for federal users by email domain. HSPD-12-PIV/DoD CAC cards and SMS 2-factor authentication for sensitive activities. Enterprise Federated Partner Automated Login (i.e., single sign-on) with agencies.
  • Offering: Authentication Services; Federation
  • Where to Purchase: Max.gov

USAccess
  • FICAM Services Framework Practice Area(s): Credential Management
  • Description: The GSA HSPD-12 Managed Service Office (MSO) established the USAccess program as an efficient way for federal agencies to issue common, HSPD-12-approved credentials to their employees and contractors.
  • Offering: PIV card
  • Where to Purchase: fedidcard.gov

SIN 517312: Wireless Mobility Solutions
  • FICAM Services Framework Practice Area(s): Credential Management
  • Description: Includes a variety of services that address the mobility needs of government agencies. Subcategory #9 – Mobile Identity Management (MIM) is the secure integration of the attributes that unerringly identify a person in the physical and online environments, within the mobile device. MIM is a set of complementary products and solutions that issue and maintain certificates, which may include Derived PIV Credential (DPC) usage. A valid PIV card is required to issue a DPC.
  • Offering: Digital Certificates; Derived PIV; Other mobility offerings on this SIN
  • Where to Purchase: Acquisition Gateway RFQ Generator

SIN 541519CDM: Continuous Diagnostics and Mitigation (CDM) Tools
  • FICAM Services Framework Practice Area(s): Access Management
  • Description: Includes DHS-approved hardware and software products. The full complement of CDM Tools SIN products and services includes tools, associated maintenance, and other related activities such as training.
  • Offering: ICAM tools on CDM Approved Products List (APL) maintained and updated monthly by the Department of Homeland Security (DHS)
  • Where to Purchase: CDM Tools SIN Information for Ordering Organizations

SIN 541519ICAM: Identity, Credential, and Access Management (ICAM)
  • FICAM Services Framework Practice Area(s): Identity Management; Access Management; Credential Management
  • Description: Managed service offerings for electronic credentials, identity and access management, authentication, and identity and access management professional services.
  • Offering: Digital credentials; Authentication; Professional Services
  • Where to Purchase: GSA eBuy

SIN 541519PKI: Public Key Infrastructure (PKI) Shared Service Providers (SSP) Program
  • FICAM Services Framework Practice Area(s): Credential Management
  • Description: This program provides PKI services and digital certificates for use by federal employees and contractors to the federal government.
  • Offering: Current PKI Shared Service Providers
  • Where to Purchase: GSA eBuy

SIN 541519IPIV: Homeland Security Presidential Directive-12 Product and Service Components
  • FICAM Services Framework Practice Area(s): Credential Management
  • Description: PIV products and PIV services to implement the requirements of HSPD-12, FIPS-201, and associated NIST special publications. Implementation components specified under this SIN are:
      • PIV enrollment and registration services
      • PIV systems infrastructure
      • PIV card management and production services
      • PIV card finalization services
      • Logical access control products and services
      • PIV system integration services. Installation services and FIPS 201 compliant PACS (Physical Access Control System) products.
  • Offering: PKI Shared Service Provider for PIV and additional products support
  • Where to Purchase: GSA eBuy

SIN 334290L: Physical Access Control System (PACS)
  • FICAM Services Framework Practice Area(s): Access Management
  • Description: Includes PACS, such as card-controlled access, biometrics, security barriers, etc.
  • Offering: PACS components
  • Where to Purchase: GSA eBuy

SIN 541330SEC: Security System Integration, Design, Management, and Life Cycle Support
  • FICAM Services Framework Practice Area(s): Access Management
  • Description: Includes services related to PACS design, integration, implementation, and installation/testing. Offerors under this SIN have at least one employee who is CSEIP (Certified System Engineer ICAM PACS) certified and such certification can be verified at IDManagement.gov.
  • Offering: PACS integration (installation and configuration)
  • Where to Purchase: GSA eBuy

GSA eBuy Ordering Instructions For Agencies

Buyers are required to register on GSA Advantage. Buyers can use the same User ID and Password on GSA eBuy and GSA Advantage. Vendor listings change regularly and are available in eBuy. Below are modified steps to access the GSA eBuy Buyer website:

  1. Go to http://www.ebuy.gsa.gov.
  2. At the top of the page, the buyer will see “Sign in as a …. Buyer.” Click Buyer to display the Sign In.
  3. Enter the buyer’s official email address and password and click Sign In.
  4. The buyer will be prompted to request and enter a verification code. GSA Advantage will send the buyer an email with the single-use verification code.
  5. Enter the verification code from the email (please note that the buyer’s verification code is only valid for 10 minutes). Then do the following:
  6. Search – Find the solution to post your requirements. A search can be conducted using the SIN designations from this catalog or by using keywords.
  7. Select – Select vendors to notify. At least three vendors can be selected.
  8. Prepare – A buyer can begin a new RFQ/RFI at any point in eBuy. Provide the necessary information about requirements for vendors to submit a quote.
  9. Submit – Review and submit the RFQ/RFI.

Additional Resources

IDManagement.gov

An official website of the U.S. General Services Administration
