Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Policies & Priorities

Identity, Credentialing, and Access Management (ICAM)

Policy Overview

The memorandum OMB M-19-17 in May 2019, Identity, Credentialing, and Access Management (ICAM), sets forth the Federal Government’s latest ICAM policy and overrides a number of prior OMB memos dating to 2004.

Generally speaking, ICAM comprises the tools, policies, and systems that allow an organization to manage, monitor, and secure access to protected resources. To ensure secure and efficient operations, agencies of the Federal Government must be able to identify, credential, monitor, and manage subjects that access Federal resources. This includes information, information systems, facilities, and secured areas across their respective enterprises. In particular, how agencies conduct identity proofing, establish enterprise digital identities, and adopt sound processes for authentication and access control significantly affects the security and delivery of their services, as well as individuals’ privacy.

Furthermore, in line with the Federal Government’s updated approach to modernization, it is essential that agencies’ ICAM strategies and solutions shift from the obsolete Levels of Assurance (LOA) model towards a new model informed by risk management perspectives, the Federal resource accessed, and outcomes aligned to agency missions. To set the foundation for identity management and its usage to access physical and digital resources, agencies must implement National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3 and any successive versions (hereafter referred to as NIST SP 800-63). While NIST SP 800-63 is the foundation for digital identity, agencies must use it in combination with the remaining suite of publications that relate to identity management issued by NIST, the Office of Personnel Management, and the Department of Homeland Security, to form a comprehensive approach to identity proofing that safeguards privacy and security.  

❮   Back to Policies, Priorities and Resources

CIO.gov

An Official website of the Federal Government

Looking for U.S. government information and services?
Visit USA.gov