Skip to main content

REQUEST FOR COMMENT - Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management (ICAM)

May 4, 2018 - Posted by: Office of the Federal Chief Information Officer

Due to technical difficulties, OMB may not have received comments submitted to on May 3rd (Thursday) or May 4th (Friday). If you submitted a comment on either of these days, or if you would like to submit a new comment via email, please send a message with any attachments to Jordan Burris at We apologize for any inconvenience this may have caused and are extending the submission window for this comment period through 11:59pm Monday, May 7th.

April 6, 2018 - Posted by: Office of the Federal Chief Information Officer

The Office of Management and Budget (OMB) is proposing a new policy to address Federal agencies’ implementation of HTML - Identity, Credential, and Access Management (ICAM) - the security disciplines that enable the right individual to access the right resource, at the right time, for the right reason. This updated policy reflects OMB’s commitment to the direction and vision outlined in the December 2017 HTML - Report to the President on IT Modernization) , which drives the Federal government toward improved enterprise-level risk management through network modernization and more deliberate adoption of shared services.

Specifically, the memorandum defines new models for identity shared services, and it reduces the overall policy compliance burden borne by Federal agencies by rescinding five older memoranda, which collectively outline direction to agencies related to E-Authentication and acceptance of external credentials, among other matters. Additionally, it aligns OMB guidance with the technical requirements presented in National Institute of Standards and Technology (NIST) HTML -Special Publication 800-63-3, Digital Identity Guidelines , including associated companion documents, which cover identity proofing, registration, authenticators, management processes, authentication protocols, federation, and related assertions.

The document also outlines new responsibilities for the Department of Commerce (DOC), the General Services Administration (GSA), the Department of Homeland Security (DHS), and the Office of Personnel Management (OPM), who each will play a critical role supporting agencies as they adjust to the new policy.

A robust public comment period is essential for the success of this new guidance. Therefore, OMB is requesting feedback from business and mission partners, consumers who receive or who have applied for government services, and the public through May 6, 2018, at which time the public comment period will close.

To view the draft policy and respond to the Request for Comment, please click HTML HERE .

For any questions, please contact Jordan Burris at