Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federal ICAM Goals Fostering effective government-wide identity and access management Enabling trust in online transactions through common identity and.

Published byShyann Blea Modified over 9 years ago

Similar presentations

Presentation on theme: "Federal ICAM Goals Fostering effective government-wide identity and access management Enabling trust in online transactions through common identity and."— Presentation transcript:

0 ICAM is Executive Branch Implementation of the
ICAM Update GTRA Workshop 16 February 2012 ICAM is Executive Branch Implementation of the National Strategy for Trusted Identities in Cyberspace Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential and Access Management Sub-Committee, Federal CIO Council Time:

1 Federal ICAM Goals Fostering effective government-wide identity and access management Enabling trust in online transactions through common identity and access management policies and approaches Aligning federal agencies around common identity and access management practices Reducing the identity and access management burden for individual agencies by fostering common interoperable approaches Ensuring alignment across all identity and access management activities that cross individual agency boundaries Collaborating with external identity management activities through inter-federation to enhance interoperability The Federal ICAM Initiative provides cohesive governance for several programs that were previously governed and managed separately. Unclassified

2 ICAM Scope Non-Persons Persons Logical Access Physical Access Foundation for Trust and Interoperability in Conducting Electronic Transactions both within the Federal Government and with External Partners Unclassified

3 FICAM Governance Structure
Evolving FICAM Governance Structure

4 FICAM Key Components in the ICAM Segment Architecture
FICAM Service Areas Digital Identity Credentialing Privilege Management Authentication Authorization & Access Cryptography Auditing and Reporting ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach Unclassified

5 FICAM Services Framework
Credentialing Issuance Enrollment/Registration Credential Lifecycle Management Sponsorship Self-Service Auditing and Reporting Audit Trail Reports Management Authorization and Access Policy Decision Policy Enforcement Policy Administration Backend Attribute Retrieval Authentication Credential Validation Biometric Validation Session Management Federation Cryptography Encryption/Decryption Digital Signature Key Management Privilege Management Provisioning Account Management Bind/Unbind Privilege Administration Resource Attribute/ Metadata Management Digital Identity Digital Identity Lifecycle Management Identity Proofing Linking/Association Adjudication Vetting Authoritative Attribute Exchange Identity Attribute Discovery Unclassified

6 DoD ICAM Target State: Dynamic Access Control
Resource Management Policy Decision Point (PDP) Enforcement Point (PEP) Environmental Factors (e.g., DEFCON, INFOCON, Etc.) Policy-Based Authorization Services Store Resource Attribute Management Audit Management Authenticate Identity Management Identity & Credential Policy Management Digital Policy Management Credential Management User/Device Attribute Management Unclassified

7 PIV Implementation OMB Memo M-11-11“Continued Implementation of Homeland Security Presidential Directive (HSPD) 12 Policy for a Common Identification Standard for Federal Employees and Contractors,” was released on 3 Feb 2011. Provides additional implementation requirements around HSPD-12 Also directed alignment with the FICAM Roadmap and Implementation Guidance The DoD-CIO has distributed a memo giving implementation requirements to the DoD Components The deadlines are the same as in M-11-11 This guidance will help move the paradigm of everyone having a PIV card to everyone using the PIV card to improve operations in their everyday business. UNCLASSIFIED

8 Approved PIV-I Providers
Federal Bridge Approved PIV-I Providers:  VeriSign, Inc. (A Symantec Company)   Verizon Business Entrust Operational Research Consultants (ORC) Certipath Approved PIV-I Providers:  CitiBank HID (ActivIdentity) Goal: Large Number of Qualified Providers (NFI) for Partners to have Competitive Choices Unclassified

9 Recent Purchases of PIV-I Credentials
Booz Allen Hamilton California Prison Health Care Services Computer Sciences Corporation ICF international Millennium Challenge Corporation US Senate State of Colorado – purchasing PIV-I and trusts DoD CAC State of Kansas State of Illinois Commonwealth of Virginia – First Responders State of West Virginia – RFP Commonwealth of Pennsylvania – Chester Country issuing PIV-I Unclassified

10 Now Available to Public Information Assurance Support Environment (IASE) PKI/PKE
Hosts the DoD PKI/PKE site: 3 categories of PKIs Category I – U.S. Federal agency PKIs (i.e. PIV) Category II – Non-Federal Agency PKIs cross certified with the FBCA or PKIs from other PKI Bridges that are cross certified with FBCA Category III – Foreign, Allied, or Coalition Partner PKIs There are currently 5 PIV-I providers approved for Authentication in DoD: HID - ActivIdentity Inc. NFI PKI (August 2011), and VeriSign NFI PKI (April 2011) CitiBank (Jul 2011) Verizon Business NFI PKI (Jul 2011) Entrust (Oct 2011) Unclassified

11 Identity Federations (PKI Based)
test level; HE Bridge dormant Participants: AstraZeneca Bristol-Myers-Squibb Genzyme GlaxoSmithKline Johnson & Johnson Merck Nektar Organon Pfizer Procter & Gamble Roche Sanofi-Aventis Federal Bridge Certipath (Aero/Def) SAFE (Bio/Pharma) Higher Education Cross Certified: D of Defense D of Justice Gov Printing Office D of State D of Treasury USPS Patent & Trademark Ofc DHS State of Illinois DEA CSOS Credential Svc Providers: VeriSign Verizon Business Entrust ORC DoD ECAs (ORC, IdenTrust, VeriSign) ACES (IdenTrust & ORC) Participants Boeing Lockheed Martin Northrop Grumman Raytheon EADS/Airbus MOD NL Exostar, SITA, ARINC, CitiBank, HID (ActivIdentity) BAE Systems (Exostar) Cross Certified at “Commercial Best Practices” Level Shared Service Providers VeriSign, Inc. Symantec Operational Research Consultants, Inc. The Department of the Treasury Entrust Managed Services U.S. Government Printing Office PKI Bridges Red: IAL-4 DoDI Federal Common Policy Root Current PIV-I issuers cross certified with the Federal Bridge: Approved PIV-I Providers:  VeriSign, Inc. (A Symantec Company) VeriSign Non-Federal SSP PKI in conjunction with the Intercede MyID CMS (version MyID8 SR1 and MyID 9) For more information contact: Nick Piazzola (Senior Director, Government Authentication Solutions) at or via at   Verizon Business For more information contact: Deborah Blanchard (Sr. Product Manager, Public Sector) at or via at   Entrust Entrust NFI SSP in conjunction with the XTec AuthentX™ CMS For more information contact: Jeff Brooks, Director, Entrust Federal at or via at or Tom Murphy, Director of Sales, XTec at or via at Approved PIV-I Bridges:   CertiPath For more information, contact Sergio Smith (Senior Director of Corporate Development Operations) at # or via at Fed Bridge Status: Certipath Status: Unclassified

12 Approach Trust Framework Providers Adoption Process
Adopt technologies in use by industry “Scheme Adoption” Adopt industry Trust Models “Trust Framework Adoption” Approach documents posted on Unclassified

13 Trust Framework Provider Adoption Process
Federal Identity Initiatives Trust Framework Provider Adoption Process The TFPAP is a process for assessing the efficacy of industry-based trust frameworks to enable an agency to trust an externally-issued electronic identity credential at a known level of assurance, comparable to LOA 1, 2, or non-PKI 3. Industry-based trust frameworks are adopted at specific assurance levels, considering the requirements of NIST SP800-63 Industry-based Trust Framework Providers assess individual identity providers for compliance with the policies, standards, and processes of the trust framework TFPAP addresses basic privacy principles of Opt In, Minimalism, Activity Tracking, Adequate Notice, Non-compulsory, and Termination Unclassified

14 Non-Federally Issued Credentials and the DoD
DoD is accepting approved IAL- 4 (Including PIV-I ) and approved PIV-I providers can be found at: DoD is drafting an approval process and implementation guidance for credentials approved through the Federal Trust Framework Process at IAL 1,2, and 3 (non-PKI) An executive summary on DoD’s acceptance of NFI credentials has been created and is being circulated now Trust Framework Provider Unclassified

15 Approved TFPs and NFIs under the TFPs
Adopted Trust Framework Providers Open Identity Exchange (OIX) ( Kantara Initiative ( InCommon ( SAFE Bio-Pharma ( Currently completing the approval process Approved NFI Providers Google – LOA 1 – OIX Equifax – LOA 1 – OIX Paypal – LOA 1 – OIX Verisign – LOA 1 – OIX Wave Systems – LOA 1 – OIX Verizon Business – LOA 1, 2, and 3 – Kantara Initiative Goal: Large Number of Qualified Providers (NFI) for Partners to have Competitive Choices Approved Trust Framework Providers and Identity Providers posted on Unclassified

16 National Strategy for Trusted Identities in Cyberspace
The National Strategy for Trusted Identities in Cyberspace (NSTIC or Strategy) charts a course for the public and private sectors to collaborate to raise the level of trust associated with the identities of individuals, organizations, networks, services, and devices involved in online transactions. The NSTIC’s vision is that: Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation. The NSTIC prescribes 4 Guiding Principles: Identity Solutions will be Privacy-enhancing and Voluntary Identity Solutions will be Secure and Resilient Identity Solutions will be Interoperable Identity Solutions will be Cost-effective and Easy to Use The NSTIC Program Office is coordinating amongst multiple Federal Agencies to increase alignment with FICAM and working with the private sector to drive the future identity ecosystem. Unclassified

17 NSTIC Work In Progress NSTIC Federal Funding Opportunity
NIST is soliciting proposals from eligible proposers to pilot on-line identity solutions that embrace and advance the NSTIC vision NIST anticipates funding five (5) to eight (8) projects for up to two (2) years in the range of approximately $1,250,000 to $2,000,000 per year per project NIST Conducted a public meeting (Proposers’ Conference) in Washington, D.C. on 15 February, 0900 – 1400 Steering Committee/ Governance Recommendations Provides the government’s recommendations on the establishment of an Identity Ecosystem Steering Group that can bring together all NSTIC stakeholders The Steering Group should be established as a new organization that is led by the private sector in conjunction with, but independent of, the federal government. The group should be structured to safeguard the individual An administrative body to support the Steering Group should be initially funded by the government through a competitive two-year grant. Unclassified

18 Summary & Conclusions Strong Identity, Credential and Access Management Are Foundational to Secure Information Sharing, Secure Collaboration and Cybersecurity Shared Guidance is Improving: Much Room for More Improvement Clear, Consistent, Credible For Ourselves and Our Mission Partners Federal Identity, Credential, and Access Management (ICAM) is providing this consistent approach (with your help) Mission/Business Partners are Fielding Strong Identity Credentials as well as Creating Federations for Sharing & Collaboration Progress Depends on Public-Private Partnering Domestically and Internationally Unclassified

Download ppt "Federal ICAM Goals Fostering effective government-wide identity and access management Enabling trust in online transactions through common identity and."

Similar presentations

Single Sign-On and Federated Authentication at NIH and Beyond

Single Sign-On and Federated Authentication at NIH and Beyond
Portfolio Management, according to Office of Management and Budget (OMB) Circular A-16 Supplemental Guidance, is the coordination of Federal geospatial.

Portfolio Management, according to Office of Management and Budget (OMB) Circular A-16 Supplemental Guidance, is the coordination of Federal geospatial.
Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.

Overview of US Federal Identity Management Initiatives Peter Alterman, Ph.D. Chair, Federal PKI Policy Authority and Asst. CIO E-Authentication, NIH.
2009 IT Summit Federal CIO Council Breakout Session #5 Identity and Access Management Federal IT Summit October 28, 2009 Moderator: Paul Christy, SBA Paul.

2009 IT Summit Federal CIO Council Breakout Session #5 Identity and Access Management Federal IT Summit October 28, 2009 Moderator: Paul Christy, SBA Paul.
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
Federal PKI Architecture Update

Federal PKI Architecture Update
The Federation for Identity and Cross-Credentialing Systems (FiXs) www.FiXs.org FiXs ® - Federated and Secure Identity Management in Operation Implementing.

The Federation for Identity and Cross-Credentialing Systems (FiXs) FiXs ® - Federated and Secure Identity Management in Operation Implementing.
Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential.

Paul D. Grant Special Assistant, Federated Identity Management and External Partnering Office of the DoD CIO Co-Chair, Identity, Credential.
Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.

Certificate Interoperability S&I Framework Initiative Final Report August 17, 2011.
The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.

The 4BF The Four Bridges Forum Federated PACS A Physical Access Use Case for Bridges FIPS 201/PIV-I PACS Interoperability April 28 th, 2009.
SAFE-BioPharma Association NSTIC Day How does industry drive forward.

SAFE-BioPharma Association NSTIC Day How does industry drive forward.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.
Public Key Infrastructure (PKI) Hosting Services.

Public Key Infrastructure (PKI) Hosting Services.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Federal Identity Management

Federal Identity Management
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)

“Personal Identity Verification (PIV) of Federal Employees and Contractors” October 27, 2005 Homeland Security Presidential Directive 12 (HSPD-12)
Spring 2013 ICAM Day Value of ICAM Breakout Session Paul D. Grant Director of Cybersecurity Policy, DoD CIO Co-Chair, Federal Identity, Credential &

Spring 2013 ICAM Day Value of ICAM Breakout Session Paul D. Grant Director of Cybersecurity Policy, DoD CIO Co-Chair, Federal Identity, Credential &
1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

Similar presentations

Ads by Google