One Line
The Federal Government has implemented the ICAM policy to regulate access to protected resources, replacing older memos from 2004.
Slides
Slide Presentation (12 slides)
Key Points
- Identity, Credentialing, and Access Management (ICAM) is a policy that allows organizations to manage, monitor, and secure access to protected resources.
- The Federal Government's ICAM policy is outlined in the memorandum OMB M-19-17 and supersedes previous memos dating back to 2004.
- Agencies must implement the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3 and other related publications to establish a comprehensive approach to identity proofing.
- Agencies' ICAM strategies should shift from the obsolete Levels of Assurance (LOA) model to a risk management perspective aligned with agency missions.
- The security and delivery of agency services, as well as individual privacy, are significantly impacted by how agencies conduct identity proofing, establish digital identities, and implement authentication and access control processes.
Summaries
22 word summary
The Federal Government has set forth the ICAM policy to manage access to protected resources, replacing previous memos dating back to 2004.
36 word summary
The Identity, Credentialing, and Access Management (ICAM) policy is set forth by the Federal Government to manage access to protected resources. This policy overrides previous memos dating back to 2004. ICAM includes tools, policies, and systems
Raw indexed text (4,172 chars / 591 words / 96 lines)
Policies & Priorities | CIO.GOV
Skip to main content
An official website of the United States government
Heres how you know
Here's how you know
The .gov means its official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure youre on a federal government site.
The site is secure.
The
https://
ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Menu
About Our Council
Purpose and Vision
Members and Leadership
Meetings and Operations
Committees and Communities
Policies, Priorities & Resources
Policy and Priority Catalog
CIO Handbook
AIA tool
Federal IT Ops Plan
Programs & Events
Innovation Symposium Series
Women in IT & Cyber
Data Science Training Program
CIO Bootcamp
Innovation Roundtables
Federal Tech Day
All Events
News
Contact Us
Government Tech Jobs
Search
Search
Policies & Priorities
Identity, Credentialing, and Access Management (ICAM)
Policy Overview
The memorandum OMB M-19-17 in May 2019,
Identity, Credentialing, and Access Management (ICAM)
, sets forth the Federal Governments latest ICAM policy and overrides a number of prior OMB memos dating to 2004.
Generally speaking, ICAM comprises the tools, policies, and systems that allow an organization to manage, monitor, and secure access to protected resources. To ensure secure and efficient operations, agencies of the Federal Government must be able to identify, credential, monitor, and manage subjects that access Federal resources. This includes information, information systems, facilities, and secured areas across their respective enterprises. In particular, how agencies conduct identity proofing, establish enterprise digital identities, and adopt sound processes for authentication and access control significantly affects the security and delivery of their services, as well as individuals privacy.
Furthermore, in line with the Federal Governments updated approach to modernization, it is essential that agencies ICAM strategies and solutions shift from the obsolete Levels of Assurance (LOA) model towards a new model informed by risk management perspectives, the Federal resource accessed, and outcomes aligned to agency missions. To set the foundation for identity management and its usage to access physical and digital resources, agencies must implement National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3 and any successive versions (hereafter referred to as NIST SP 800-63). While NIST SP 800-63 is the foundation for digital identity, agencies must use it in combination with the remaining suite of publications that relate to identity management issued by NIST, the Office of Personnel Management, and the Department of Homeland Security, to form a comprehensive approach to identity proofing that safeguards privacy and security.
Related Policies, Priorities and Resources
14 items
Policy
Federal Cybersecurity Workforce Strategy
Policy
Management of High Value Assets
Policy
Circular No. A-130 - Managing Information as a Strategic Resource
Policy
Federal Information Security Modernization Act (FISMA)
Priority
The Federal Risk and Authorization Management Program (FedRAMP)
Priority
Cybersecurity
Policy
Trusted Internet Connection 3.0
Report
CISO Handbook
Guidance
Federal Government Adoption of Internet Protocol Version 6 (IPv6) FAQs (2011)
Guidance
Planning Guide and Roadmap Toward IPv6 Adoption within the Federal Government (2012)
Website
FedRAMP Website
Website
FICAM's Identity Management Website
Website
OFCIO Policy Working Space
Website
Performance.gov - Government Performance Website
Back to Policies, Priorities and Resources
Federal Privacy Council
Perf. Improvement Council
Performance.gov
Evaluation Officer Council
Federal CFO Council
Federal CHCO Council
Federal CAO Council
RSS feed
Privacy Statement
Accessibility Policy
Contact Us
CIO.gov
An Official website of the Federal Government
About OMB
Accessibility Support
FOIA Requests
No FEAR Act Data
Office of the Inspector General
Performance Reports
Privacy Policy
Looking for U.S. government information and services?
Visit USA.gov