Identity, Credential, and Access Management
Federal CIO Council
Information Security and Identity Management Committee
The Future of Federal Identity Management
Judith Spencer
Agency Expert - IDM
Office of Governmentwide [email protected]
www.idmanagement.gov
What is ICAM?
ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach.
Key ICAM Service Areas Include:
- Digital Identity
- Credentialing
- Privilege Management
- Authentication
- Authorization & Access
- Cryptography
- Auditing and Reporting
ICAM Drivers
- Increasing Cybersecurity threats
  - There is no National, International, Industry “standard” approach to individual identity on the network. (CyberSecurity Policy Review)
  - Security weaknesses found across agencies included the areas of user identification and authentication, encryption of sensitive data, logging and auditing, and physical access (GAO-09-701T)
- Need for improved physical security
- Lag in providing government services electronically
- Vulnerability of Personally Identifiable Information (PII)
- Lack of interoperability
  - “The ICAM segment architecture will serve as an important tool for providing awareness to external mission partners and drive the development and implementation of interoperable solutions.” (President’s FY2010 Budget)
- High costs for duplicative processes and data management
ICAM Scope
[Figure: ICAM scope matrix covering Persons and Non-Persons across Logical Access and Physical Access]
FICAM Development Process
The development process involves coordination and collaboration with Federal Agencies, industry partners, and cross-government working groups.
The Roadmap team identified the key outputs of the Federal Segment Architecture Methodology (FSAM) needed for an ICAM segment architecture and coordinated these groups to develop workable approaches to enable cross-government solutions.
Participating groups:
- Interagency Security Committee (ISC)
- Information Sharing Environment (ISE)
- White House National Science and Technology Council (NSTC)
- Committee for National Security Systems (CNSS)
- Office of Management and Budget
- National Institute of Standards and Technology (NIST)
- Office of National Coordinator (ONC) for Health IT
- Multiple agencies represented within the CIO council subcommittees and working groups

Components of the ICAM Segment Architecture

ICAM Goals and Objectives
The Federal ICAM Roadmap addresses unclassified federal identity, credential, and access management programs and demonstrates the importance of implementing the ICAM segment architecture in support of five overarching strategic goals and their related objectives.
Eleven Use Cases Covering:
Measuring Success

On-Going Activities
- PIV Interoperability: Defining the parameters for an industry smart card that emulates the PIV credential
  - FIPS 201 is limited to the Federal community
  - External interoperability/trust is achievable
- Trust Framework Providers and Scheme Adoption
  - Non-cryptographic solutions at lower levels of assurance
  - Industry self-regulation with government recognition
- Working with Open Solutions to enable open government
- Federal PIV deployment exceeds 70%
- LACS deployment beginning
- PACS demonstration system operational
Increasing the Trusted Credential Community
- Back to Basics – M-04-04 and NIST 800-63 are still the foundational policy/technical guidance for identity management in the Federal government.
- Establish unified architecture for Identity Management
- Expand our use of Assertion-based solutions (Levels 1 & 2)
  - Stronger industry alignment for trust and technology standards
- Federal Bridge interoperability will continue to play a role at Levels 3 & 4
- Outreach to communities of interest
  - Explore natural affinities
M-04-04: E-Authentication Guidance for Federal Agencies
OMB Guidance establishes 4 authentication assurance levels

Assurance Levels
Level 1: Little or no confidence in asserted identity
  - Self-assertion, minimum records
  - Assertion-based
Level 2: Some confidence in asserted identity
  - On-line, instant qualification – out-of-band follow-up
  - Assertion-based
Level 3: High confidence in asserted identity
  - On-line with out-of-band verification for qualification
  - Cryptographic solution
  - Crypto-based
Level 4: Very high confidence in the asserted identity
  - In person proofing
  - Record a biometric
  - Cryptographic solution
  - Hardware token
  - Crypto-based
FIPS 199 Risk/Impact Profiles: Assurance Level Impact Profiles

Maximum Potential Impacts (by assurance level 1-4)

Potential Impact Categories for Authentication Errors          1     2     3     4
Inconvenience, distress or damage to standing or reputation   Low   Mod   Mod   High
Financial loss or agency liability                            Low   Mod   Mod   High
Harm to agency programs or public interests                   N/A   Low   Mod   High
Unauthorized release of sensitive information                 N/A   Low   Mod   High
Personal Safety                                               N/A   N/A   Low   Mod/High
Civil or criminal violations                                  N/A   Low   Mod   High
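The two preceding slides give the four assurance levels and the maximum impact each level tolerates per category, but not the selection step that turns an application's assessed impact profile into a required level. The Python below is an added example, not part of the deck or of any OMB publication: it encodes the "Maximum Potential Impacts" table exactly as shown and applies the M-04-04 selection rule (pick the lowest level whose maximum potential impact meets or exceeds the assessed impact in every category), which is taken from M-04-04 rather than from the slide. The function names, the treatment of "Mod/High" at Level 4 as High, and the sample profile are the author's own choices.

```python
"""Pick the required e-authentication assurance level from an impact profile.

Added example (not from the deck). The matrix is the slide's "Maximum
Potential Impacts" table; the selection rule follows OMB M-04-04: choose the
lowest assurance level whose maximum potential impact meets or exceeds the
assessed impact in every category.
"""

# Impact values in increasing order of severity.
IMPACT_RANK = {"N/A": 0, "Low": 1, "Mod": 2, "High": 3}

# Maximum potential impact tolerated at assurance levels 1..4, per category.
# "Mod/High" for Personal Safety at level 4 is recorded as High: level 4 is
# the ceiling, so there is no higher level to escalate to (assumption).
MAX_IMPACT = {
    "Inconvenience, distress or damage to standing or reputation": ("Low", "Mod", "Mod", "High"),
    "Financial loss or agency liability":                          ("Low", "Mod", "Mod", "High"),
    "Harm to agency programs or public interests":                 ("N/A", "Low", "Mod", "High"),
    "Unauthorized release of sensitive information":               ("N/A", "Low", "Mod", "High"),
    "Personal Safety":                                             ("N/A", "N/A", "Low", "High"),
    "Civil or criminal violations":                                ("N/A", "Low", "Mod", "High"),
}


def _validate(profile):
    """Reject categories or impact values that are not in the table."""
    bad_cats = sorted(set(profile) - set(MAX_IMPACT))
    if bad_cats:
        raise ValueError(f"unknown impact categories: {bad_cats}")
    bad_vals = sorted(v for v in profile.values() if v not in IMPACT_RANK)
    if bad_vals:
        raise ValueError(f"unknown impact values: {bad_vals}")


def level_covers(level, profile):
    """True if assurance `level` (1-4) tolerates every assessed impact in `profile`."""
    return all(IMPACT_RANK[MAX_IMPACT[cat][level - 1]] >= IMPACT_RANK[assessed]
               for cat, assessed in profile.items())


def required_assurance_level(profile):
    """Lowest assurance level whose impact profile covers `profile`.

    `profile` maps category -> assessed impact ("N/A", "Low", "Mod", "High").
    Categories left out are treated as N/A (no impact), so an empty profile
    needs only Level 1.
    """
    _validate(profile)
    for level in range(1, 5):
        if level_covers(level, profile):
            return level
    # Level 4 tolerates High in every category, so this is unreachable for
    # valid input; kept as a guard against future edits to MAX_IMPACT.
    raise ValueError("no assurance level covers this profile")


def driving_categories(profile):
    """Categories that on their own already require the selected level.

    Useful when documenting why an application landed at Level 3 rather than
    Level 2: only these categories need re-assessment to lower the level.
    """
    level = required_assurance_level(profile)
    return sorted(cat for cat, assessed in profile.items()
                  if required_assurance_level({cat: assessed}) == level)


# Constructed sample profile for a hypothetical benefits-lookup web application.
SAMPLE_PROFILE = {
    "Inconvenience, distress or damage to standing or reputation": "Mod",
    "Financial loss or agency liability": "Low",
    "Unauthorized release of sensitive information": "Mod",
    "Personal Safety": "N/A",
}

if __name__ == "__main__":
    print("required level:", required_assurance_level(SAMPLE_PROFILE))  # 3
    print("driven by:", driving_categories(SAMPLE_PROFILE))
```

In the sample, the Mod rating for unauthorized release of sensitive information is what forces Level 3 (Level 2 tolerates only Low in that category), while the Mod reputational impact alone would have been satisfied at Level 2. Reporting the driving categories is what makes the assessment auditable: a reviewer can see exactly which rating to challenge before agreeing to a lower (or higher) credential requirement.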
Goals
- Leverage Industry credentials for Government use
- Make Government more transparent to the Public
- Make it easier for American Public to access government information
- Avoid issuance of application-specific credentials
- Leverage Web 2.0 technologies
- Demonstrate feasibility with application(s) assessed at Assurance Level 1
- Support applications at higher assurance levels as appropriate
Enabling e-Government
- Business Process Redesign will result in standardized interfaces for logical access
  - Streamlined access control/provisioning
- Well-understood Federated trust at multiple levels of assurance
  - Level 4 will require PIV-I
  - Levels 1-3 will recognize multiple solutions/identity schemes
- Greater trust in external credential validity
- Repeatable process
Summary
- Identity and Access Management Are Foundational to Information Sharing and Collaboration
- First release of Trust Framework Provider Approval Process and Identity Scheme Adoption Process available for public review: www.idmanagement.gov
- Industry Partners are Fielding Identity Credentials as well as Creating Federations for Sharing & Collaboration
  - OpenID Foundation
  - infoCard Foundation
  - InCommon Federation
- Progress Depends on Public-Private Partnering