The Federal ICAM (FICAM) program helps federal agencies plan and manage enterprise identity, credentialing, and access management (ICAM) through collaboration opportunities and guidance on information technology (IT) policy, standards, implementation, and architecture. Interagency working groups developed most of the guidance and best practices found on this website.
ICAM Program Management 101
The ICAM Program Management 101 explains how to plan, implement, and manage an ICAM Program. Here, you’ll find content for ICAM program managers who need agency-level planning guides and templates to drive adoption of ICAM services within their organizations as well as information on how to govern the program, identify and communicate with stakeholders, manage risk, and other related topics.
This 101 guide answers the most common ICAM program organization and management questions, including:
- How can I establish governance to ensure ICAM alignment at the agency level?
- Who are my key ICAM stakeholders?
- What best practices support ICAM implementation?
The guide is organized by sections, each of which describes an essential feature of ICAM program management, including recommendations and lessons learned from agencies who have implemented ICAM programs.
FICAM Architecture and Playbooks
The FICAM Architecture and accompanying playbooks, maintained by GSA in coordination with the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), contains processes, procedures, and considerations for planning and managing identity, credential, and access management processes within federal agencies.
These playbooks are hosted on GitHub and provide common policy interpretations and patterns to help you implement and execute ICAM at your agency. The playbooks are a government-wide collaboration based on the needs and interests of individual agencies and governmentwide groups. Reach out to icam at gsa dot gov to suggest new topics.
- National Initiative for Cybersecurity Education (NICE) – A partnership of government, academia, and the private sector focused on cybersecurity education, training, and workforce development. The National Institute of Standards and Technology (NIST) leads NICE.
- Secure Technology Alliance (STA) Education and Certification Programs – The STA offers educational and certification programs.
- National Cybersecurity Center of Excellence (NCCoE) – The NCCoE works with experts from industry, government, and academia to address businesses’ most pressing cybersecurity problems with practical, standards-based solutions using commercially available technologies.
- NIST Identity & Access Management – the NIST Identity & Access Management Resource Center, share efforts that strengthen the security, privacy, usability, and interoperability of solutions that meet an organization’s identity and access management needs throughout the system lifecycle.