OMB has posted a draft policy titled Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management, aimed at enabling “the right individual to access the right resource, at the right time, for the right reason.”
“Agencies must be able to identify, credential, monitor, and manage user access to information and information systems across their enterprise in order to ensure secure and efficient operations. In particular, how agencies conduct identity proofing, establish digital identities, and adopt sound processes for authentication and access control will significantly impact the security of their digital services,” says an online notice.
“Additionally, as information about individuals becomes more widely available through social media or through breaches of personally identifiable information, it is increasingly important that all agencies adopt identity validation solutions that enhance privacy and mitigate negative impacts to delivery of digital services and maintenance of online trust. It is also essential that agencies’ Identity, Credential, and Access Management (ICAM) strategies and solutions are informed by risk perspectives and driven by targeted outcomes,” it says.
The proposed policy covers topics including implementation of effective ICAM governance; modernization of agency ICAM capabilities; and agency adoption of ICAM shared solutions and services.
Links to the draft memo and the procedure for comments, which are being accepted through May 6, are on the CIO Council site.