FICAM in Brief: A Smart Card Alliance Summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance
Publication Date: May 2010
Purpose of the Brief
The Smart Card Alliance Identity Council and Physical Access Council developed the summary of the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance to highlight key concepts and to make it more accessible to its target audiences. In developing and publishing the summary, the Smart Card Alliance hopes to expand the audience reading the document and promote its concepts broadly through the identity, credential and access management industry. The summary includes the FICAM segment architecture, as-is and target use cases, and roadmap and initiatives for Federal implementation of the FICAM architecture.
The Federal Government operates in a constantly shifting threat environment and identity management issues have been well-documented by the Government Accountability Office (GAO), National Science and Technology Council (NSTC) and Office of Management and Budget (OMB). The Administration has laid out clear goals to make government more accessible to the American public and outlined these goals in the new Cybersecurity Initiative. The Open Government Initiative promotes transparent, collaborative and participatory government that fully engages the public, while promoting data security, privacy and high assurance authentication. In addition, there is an increasing need for improved physical security at federally owned and leased facilities and sites. Requirements are being identified to support electronic business at all levels of assurance with Federal business partners and agencies experiencing a growing need to exchange information securely across network boundaries.
Agencies are working to address these challenges by issuing Personal Identity Verification (PIV) cards. The Federal Public Key Infrastructure (PKI) connects agency and commercial PKIs via a trust framework. Working groups are tackling relevant questions in agency- and mission-specific situations. Therefore, the CIO Council established the Identity, Credential, and Access Management Subcommittee (ICAMSC) with the charter to foster effective ICAM policies and enable trust across organizational, operational, physical, and network boundaries. The intersection of digital identities, credentials, and access control and the need for one comprehensive management approach has been officially stated.
The Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance was developed in support of the ICAM mission to provide a common segment architecture and implementation guidance. The President’s FY2010 budget cites the development of the Federal ICAM segment architecture, stating that, “one of the major outcomes of this effort is to allow agencies to create and maintain information systems that deliver more convenience, appropriate security, and privacy protection, with less effort and at a lower cost.”
The purpose of the FICAM document is to provide agencies with architecture and implementation guidance that addresses existing ICAM concerns and issues they face daily. In addition to helping agencies meet current gaps, agencies stand to gain significant benefits around security, cost, and interoperability which will have positive impacts beyond an individual agency in improving the delivery of services by the Federal Government. It also seeks to support the enablement of systems, policies, and processes to facilitate business between the Government and its business partners and constituents. Benefits associated with the proper implementation of ICAM include: increased security, compliance, improved interoperability, enhanced customer service, elimination of redundancy, and increase in protection of personally identifiable information (PII).
These benefits leverage standardized controls around identity and access management. The ICAM target state closes security gaps in the areas of user identification and authentication, encryption of sensitive data, and logging and auditing. It supports the integration of physical access control with enterprise identity and access systems, and enables information sharing across systems and agencies with common access controls and policies. The document is a call to action for ICAM policy makers and program implementers across the Federal Government to take ownership of their role in the overall success of the federal cybersecurity, physical security, and electronic government (E-Government) visions, as supported by ICAM. The FICAM document outlines several new agency initiatives and numerous supporting activities that agencies must complete in order to align with the government-wide ICAM framework, and that are also critical to addressing threats and challenges facing the Federal Government.
About the Smart Card Alliance Identity Council
The Smart Card Alliance Identity Council is focused on promoting the need for technologies and usage solutions regarding human identity information to address the challenges of securing identity information and reducing identity fraud and to help organizations realize the benefits that secure identity information delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organization resources to bear on addressing the challenges of securing identity information for proper use.
About the Smart Card Alliance Physical Access Council
The Smart Card Alliance Physical Access Council is focused on accelerating widespread acceptance, use, and application of smart card technology for physical access control. The Council brings together leading users and technologists from both the public and private sectors in an open forum and works on activities that are important to the physical access industry and address key issues that end user organizations have in deploying new physical access system technology. The Physical Access Council includes participants from across the smart card and physical access control system industry, including end users; smart card chip, card, software, and reader vendors; physical access control system vendors; and integration service providers.
Identity and Physical Access Council members involved in the development of this white paper included: AMAG Technology; Booz Allen Hamilton; Cogent Systems; Datawatch; Deloitte; Diebold; Gemalto; GSA; Hewlett Packard Enterprise Services; Hirsch Electronics; IBM; Identification Technology Partners; IDmachines; IQ Devices; Probaris; Roehr Consulting; SCM Microsystems; Shane-Gelling Company; TrustBearer; Tyco International; U.S. Department of Defense/Defense Manpower Data Center; U.S. Department of State; XTec, Inc.