Skip to main content

REQUEST FOR COMMENT - Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management (ICAM)

April 6, 2018 - Posted by: Office of the Federal Chief Information Officer

The Office of Management and Budget (OMB) is proposing a new policy to address Federal agencies’ implementation of Identity, Credential, and Access Management (ICAM) - the security disciplines that enable the right individual to access the right resource, at the right time, for the right reason. This updated policy reflects OMB’s commitment to the direction and vision outlined in the December 2017 Report to the President on IT Modernization) , which drives the Federal government toward improved enterprise-level risk management through network modernization and more deliberate adoption of shared services.

Specifically, the memorandum defines new models for identity shared services, and it reduces the overall policy compliance burden borne by Federal agencies by rescinding five older memoranda, which collectively outline direction to agencies related to E-Authentication and acceptance of external credentials, among other matters. Additionally, it aligns OMB guidance with the technical requirements presented in National Institute of Standards and Technology (NIST) Special Publication 800-63-3, Digital Identity Guidelines , including associated companion documents, which cover identity proofing, registration, authenticators, management processes, authentication protocols, federation, and related assertions.

The document also outlines new responsibilities for the Department of Commerce (DOC), the General Services Administration (GSA), the Department of Homeland Security (DHS), and the Office of Personnel Management (OPM), who each will play a critical role supporting agencies as they adjust to the new policy.

A robust public comment period is essential for the success of this new guidance. Therefore, OMB is requesting feedback from business and mission partners, consumers who receive or who have applied for government services, and the public through May 6, 2018, at which time the public comment period will close.

To view the draft policy and respond to the Request for Comment, please click HERE .

For any questions, please contact Jordan Burris at