Presentation on theme: "Federal Identity Management"— Presentation transcript:
1 Federal Identity Management
The Future of Federal Identity Management
Judith Spencer, Agency Expert - IDM, Office of Governmentwide Policy, GSA
2 What is ICAM?
ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach.
Key ICAM Service Areas Include:
- Digital Identity
- Credentialing
- Privilege Management
- Authentication
- Authorization & Access
- Cryptography
- Auditing and Reporting
3 ICAM Drivers
- Increasing Cybersecurity threats
- There is no National, International, Industry “standard” approach to individual identity on the network. (CyberSecurity Policy Review)
- Security weaknesses found across agencies included the areas of user identification and authentication, encryption of sensitive data, logging and auditing, and physical access (GAO T)
- Need for improved physical security
- Lag in providing government services electronically
- Vulnerability of Personally Identifiable Information (PII)
- Lack of interoperability
- “The ICAM segment architecture will serve as an important tool for providing awareness to external mission partners and drive the development and implementation of interoperable solutions.” (President’s FY2010 Budget)
- High costs for duplicative processes and data management
5 FICAM Development Process
The development process involves coordination and collaboration with Federal Agencies, industry partners, and cross-government working groups.
The Roadmap team identified the key outputs of the Federal Segment Architecture Methodology (FSAM) needed for an ICAM segment architecture and coordinated these groups to develop workable approaches to enable cross-government solutions.
- Interagency Security Committee (ISC)
- Information Sharing Environment (ISE)
- White House National Science and Technology Council (NSTC)
- Committee for National Security Systems (CNSS)
- Office of Management and Budget
- National Institute of Standards and Technology (NIST)
- Office of National Coordinator (ONC) for Health IT
- Multiple agencies represented within the CIO council subcommittees and working groups
6 Components of the ICAM Segment Architecture
Performance Architecture
- Outlines strategic vision for ICAM
- Includes 32 performance metrics, 4 of which will be tracked on data.gov
Business Architecture
- 11 use cases representing high-level government-wide ICAM functions
- Supports IEE, G2G, G2B, and G2C scenarios
Data Architecture
- Details data sources and elements supporting each use case
- Illustrates the flow of information within the use cases
Service Architecture
- Defines service types and components specific to ICAM
- Supports the Federal Enterprise Architecture Service Reference Model
Technical Architecture
- Comprises the high-level vision of the technical architecture
- Target state moves towards shared agency and federal infrastructures
7 ICAM Goals and Objectives
The Federal ICAM Roadmap addresses unclassified federal identity, credential, and access management programs and demonstrates the importance of implementing the ICAM segment architecture in support of five overarching strategic goals and their related objectives.
10 On-Going Activities
- PIV Interoperability: Defining the parameters for an industry smart card that emulates the PIV credential
- FIPS 201 is limited to the Federal community
- External interoperability/trust is achievable
- Trust Framework Providers and Scheme Adoption
- Non-cryptographic solutions at lower levels of assurance
- Industry self-regulation with government recognition
- Working with Open Solutions to enable open government
- Federal PIV deployment exceeds 70%
- LACS deployment beginning
- PACS demonstration system operational
11 Increasing the Trusted Credential Community
- Back to Basics – M and NIST are still the foundational policy/technical guidance for identity management in the Federal government.
- Establish unified architecture for Identity Management
- Expand our use of Assertion-based solutions (Levels 1&2)
- Stronger industry alignment for trust and technology standards
- Federal Bridge interoperability will continue to play a role at Levels 3 & 4
- Outreach to communities of interest
- Explore natural affinities
12 M-04-04: E-Authentication Guidance for Federal Agencies
Assurance Levels
OMB Guidance establishes 4 authentication assurance levels:
- Level 1: Little or no confidence in asserted identity
- Level 2: Some confidence in asserted identity
- Level 3: High confidence in asserted identity
- Level 4: Very high confidence in the asserted identity
This synopsizes the four levels of assurance and some of the high level security controls at each level.
Controls shown on the slide:
- On-line with out-of-band verification for qualification; Cryptographic solution
- Self-assertion; minimum records
- On-line, instant qualification – out-of-band follow-up
- In person proofing; Record a biometric; Cryptographic Solution; Hardware Token
Solution types: Assertion-based; Crypto-based
13 Maximum Potential Impacts
FIPS 199 Risk/Impact Profiles
[Table: Assurance Level Impact Profiles, with columns for assurance levels 1, 2, 3 and 4 and cell values of Low, Mod, High or N/A; the per-cell values are not preserved in this transcript.]
Potential Impact Categories for Authentication Errors (table rows):
- Inconvenience, distress or damage to standing or reputation
- Financial loss or agency liability
- Harm to agency programs or public interests
- Unauthorized release of sensitive information
- Personal Safety
- Civil or criminal violations
14 Goals
- Leverage Industry credentials for Government use
- Make Government more transparent to the Public
- Make it easier for American Public to access government information
- Avoid issuance of application-specific credentials
- Leverage Web 2.0 technologies
- Demonstrate feasibility with application(s) assessed at Assurance Level 1
- Support applications at higher assurance levels as appropriate
15 Enabling e-Government
- Business Process Redesign will result in standardized interfaces for logical access
- Streamlined access control/provisioning
- Well-understood Federated trust at multiple levels of assurance
- Level 4 will require PIV-I
- Levels 1-3 will recognize multiple solutions/identity schemes
- Greater trust in external credential validity
- Repeatable process
16 Summary
- Identity and Access Management Are Foundational to Information Sharing and Collaboration
- First release of Trust Framework Provider Approval Process and Identity Scheme Adoption Process available for public review
- Industry Partners are Fielding Identity Credentials as well as Creating Federations for Sharing & Collaboration: Open ID Foundation, infoCard Foundation, InCommon Federation
- Progress Depends on Public-Private Partnering