Identity, Credential, and Access Management Federal CIO Council Information Security and Identity Management Committee The Future of Federal Identity Management.


1 Identity, Credential, and Access Management
Federal CIO Council, Information Security and Identity Management Committee
The Future of Federal Identity Management
Judith Spencer, Agency Expert - IDM, Office of Governmentwide Policy, GSA

2 What is ICAM?
- ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach.
- Key ICAM Service Areas Include:
  - Digital Identity
  - Credentialing
  - Privilege Management
  - Authentication
  - Authorization & Access
  - Cryptography
  - Auditing and Reporting

3 ICAM Drivers
- Increasing Cybersecurity threats
- There is no National, International, Industry "standard" approach to individual identity on the network. (CyberSecurity Policy Review)
- Security weaknesses found across agencies included the areas of user identification and authentication, encryption of sensitive data, logging and auditing, and physical access (GAO T)
- Need for improved physical security
- Lag in providing government services electronically
- Vulnerability of Personally Identifiable Information (PII)
- Lack of interoperability
- "The ICAM segment architecture will serve as an important tool for providing awareness to external mission partners and drive the development and implementation of interoperable solutions." (President's FY2010 Budget)
- High costs for duplicative processes and data management

4 ICAM Scope
(Diagram labels: Persons, Non-Persons, Logical Access, Physical Access)

5 FICAM Development Process
- The development process involves coordination and collaboration with Federal Agencies, industry partners, and cross-government working groups.
- The Roadmap team identified the key outputs of the Federal Segment Architecture Methodology (FSAM) needed for an ICAM segment architecture and coordinated these groups to develop workable approaches to enable cross-government solutions.
  - Interagency Security Committee (ISC)
  - Information Sharing Environment (ISE)
  - White House National Science and Technology Council (NSTC)
  - Committee for National Security Systems (CNSS)
  - Office of Management and Budget
  - National Institute of Standards and Technology (NIST)
  - Office of National Coordinator (ONC) for Health IT
  - Multiple agencies represented within the CIO council subcommittees and working groups

6 Components of the ICAM Segment Architecture
- Performance Architecture
  - Outlines strategic vision for ICAM
  - Includes 32 performance metrics, 4 of which will be tracked on data.gov
- Business Architecture
  - 11 use cases representing high level government-wide ICAM functions
  - Supports IEE, G2G, G2B, and G2C scenarios
- Data Architecture
  - Details data sources and elements supporting each use case
  - Illustrates the flow of information within the use cases
- Service Architecture
  - Defines service types and components specific to ICAM
  - Supports the Federal Enterprise Architecture Service Reference Model
- Technical Architecture
  - Comprise the high level vision of the technical architecture
  - Target state moves towards shared agency and federal infrastructures

7 ICAM Goals and Objectives
The Federal ICAM Roadmap addresses unclassified federal identity, credential, and access management programs and demonstrates the importance of implementing the ICAM segment architecture in support of five overarching strategic goals and their related objectives.

8 Eleven Use Cases Covering:

9 Measuring Success

10 On-Going Activities
- PIV Interoperability: Defining the parameters for an industry smart card that emulates the PIV credential
- FIPS 201 is limited to the Federal community
- External interoperability/trust is achievable
- Trust Framework Providers and Scheme Adoption
- Non-cryptographic solutions at lower levels of assurance
- Industry self-regulation with government recognition
- Working with Open Solutions to enable open government
- Federal PIV deployment exceeds 70%
- LACS deployment beginning
- PACS demonstration system operational

11 Increasing the Trusted Credential Community
- Back to Basics – M and NIST are still the foundational policy/technical guidance for identity management in the Federal government.
- Establish unified architecture for Identity Management
- Expand our use of Assertion-based solutions (Levels 1&2)
- Stronger industry alignment for trust and technology standards
- Federal Bridge interoperability will continue to play a role at Levels 3 & 4
- Outreach to communities of interest
- Explore natural affinities

12 M-04-04: E-Authentication Guidance for Federal Agencies
OMB Guidance establishes 4 authentication assurance levels

Assurance Level | Confidence | Requirements | Approach
Level 1 | Little or no confidence in asserted identity | Self-assertion; minimum records | Assertion-based
Level 2 | Some confidence in asserted identity | On-line, instant qualification – out-of-band follow-up | Assertion-based
Level 3 | High confidence in asserted identity | On-line with out-of-band verification for qualification; Cryptographic solution | Crypto-based
Level 4 | Very high confidence in the asserted identity | In person proofing; Record a biometric; Cryptographic Solution; Hardware Token | Crypto-based

13 FIPS 199 Risk/Impact Profiles
Maximum Potential Impacts: Assurance Level Impact Profiles

Potential Impact Categories for Authentication Errors | Level 1 | Level 2 | Level 3 | Level 4
Inconvenience, distress or damage to standing or reputation | Low | Mod | Mod | High
Financial loss or agency liability | Low | Mod | Mod | High
Harm to agency programs or public interests | N/A | Low | Mod | High
Unauthorized release of sensitive information | N/A | Low | Mod | High
Personal Safety | N/A | N/A | Low | Mod / High
Civil or criminal violations | N/A | Low | Mod | High

14 Goals
- Leverage Industry credentials for Government use
- Make Government more transparent to the Public
- Make it easier for American Public to access government information
- Avoid issuance of application-specific credentials
- Leverage Web 2.0 technologies
- Demonstrate feasibility with application(s) assessed at Assurance Level 1
- Support applications at higher assurance levels as appropriate

15 Enabling e-Government
- Business Process Redesign will result in standardized interfaces for logical access
- Streamlined access control/provisioning
- Well-understood Federated trust at multiple levels of assurance
- Level 4 will require PIV-I
- Levels 1-3 will recognize multiple solutions/identity schemes
- Greater trust in external credential validity
- Repeatable process

16 Summary
- Identity and Access Management Are Foundational to Information Sharing and Collaboration
- First release of Trust Framework Provider Approval Process and Identity Scheme Adoption Process available for public review
- Industry Partners are Fielding Identity Credentials as well as Creating Federations for Sharing & Collaboration
  - Open ID Foundation
  - infoCard Foundation
  - InCommon Federation
- Progress Depends on Public-Private Partnering

