Skip to main content
4 May 2018

Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management (ICAM)

By: Office of the Federal Chief Information Officer


Tag: 2018

Due to technical difficulties, OMB may not have received comments submitted to ofcio@omb.eop.gov on May 3rd (Thursday) or May 4th (Friday). If you submitted a comment on either of these days, or if you would like to submit a new comment via email, please send a message with any attachments to Jordan Burris at Jordan.C.Burris@omb.eop.gov. We apologize for any inconvenience this may have caused and are extending the submission window for this comment period through 11:59pm Monday, May 7th.

The Office of Management and Budget (OMB) is proposing a new policy to address Federal agencies’ implementation of Identity, Credential, and Access Management (ICAM) - the security disciplines that enable the right individual to access the right resource, at the right time, for the right reason. This updated policy reflects OMB’s commitment to the direction and vision outlined in the December 2017 Report to the President on IT Modernization , which drives the Federal government toward improved enterprise-level risk management through network modernization and more deliberate adoption of shared services.

Specifically, the memorandum defines new models for identity shared services, and it reduces the overall policy compliance burden borne by Federal agencies by rescinding five older memoranda, which collectively outline direction to agencies related to E-Authentication and acceptance of external credentials, among other matters. Additionally, it aligns OMB guidance with the technical requirements presented in National Institute of Standards and Technology (NIST) Special Publication 800-63-3, Digital Identity Guidelines , including associated companion documents, which cover identity proofing, registration, authenticators, management processes, authentication protocols, federation, and related assertions.

The document also outlines new responsibilities for the Department of Commerce (DOC), the General Services Administration (GSA), the Department of Homeland Security (DHS), and the Office of Personnel Management (OPM), who each will play a critical role supporting agencies as they adjust to the new policy.

A robust public comment period is essential for the success of this new guidance. Therefore, OMB is requesting feedback from business and mission partners, consumers who receive or who have applied for government services, and the public through May 6, 2018, at which time the public comment period will close.

To view the draft policy and respond to the Request for Comment, please click HERE.

For any questions, please contact Jordan.C.Burris@omb.eop.gov