Managing Identity Management Programs

This page contains guidance for Federal program managers to plan and manage enterprise identity, credentialing and access management programs.

The Federal ICAM (FICAM) program helps federal agencies implement ICAM by providing collaboration opportunities and guidance on IT policy, standards, implementation and architecture. Most of the guidance is developed through interagency working groups and sharing of best practices for the federal enterprise.

Roadmap

The Federal CIO Council and sub-committees developed the FICAM Roadmap and Implementation guidance for implementing Federal ICAM. The guidance contains program level processes, procedures and considerations for planning and managing logical access, physical access, identity management, and federation within the agencies.

• FICAM Roadmap and Implementation Guidance (PDF, December 2011) – The roadmap contains two primary parts. The two primary parts are the Part A: Enterprise Architecture and the Part B: Implementation Guides.

Playbooks

Technology, policy and security practices rapidly evolve and the government must keep up with the evolution. To modernize the original FICAM Roadmap and Implementation Guidance, we’re migrating the information to playbooks which are hosted on GitHub. These playbooks provide common policy and patterns to help you properly implement and execute ICAM at your agency.

The first of the playbooks is live and replaces the Part A: Enterprise Architecture:

• FICAM Architecture Playbook – Learn about FICAM, understand the FICAM Enterprise Architecture, and contribute to its development.

We welcome you to contribute, and will be posting more working group materials soon.

Laws, Regulations and Policies

Supporting policy to guide the management of identity management systems.

• NIST Special Publication 800-63-3 Digital Identity Guidelines (June 2017)
• Executive Order 13681 Improving the Security of Consumer Financial Transactions (October 2014)
• OMB M-11-11 Continued Implementation of Homeland Security Presidential Directive (HSPD) 12–Policy for a Common Identification Standard for Federal Employees and Contractors (PDF, February 2011)
• OMB M-05-24 Implementation of Homeland Security Presidential Directive (HSPD) 12 – Policy for a Common Identification Standard for Federal Employees and Contractors (PDF, August 2005)
• OMB M-05-05 Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services (PDF, December 2004)
• Homeland Security Presidential Directive 12 (HSPD-12) – Policy for a Common Identification Standard for Federal Employees and Contractors (August 2005)
• OMB M-04-04 E-Authentication Guidance for Federal Agencies (PDF, December 2003)

Page Reviewed/Updated: July 10, 2017