The Office of Management and Budget has proposed a new policy that seeks to help federal agencies ensure the security of information systems and data through the implementation of identity, credential and access management practices.
OMB Director Mick Mulvaney wrote in a memorandum published Friday that the proposed policy calls for agencies to implement the National Institute of Standards and Technology Special Publication 800-63, Digital Identity Guidelines and comply with the Homeland Security Presidential Directive 12 to ensure ICAM governance.
Agencies should assign an ICAM team or office to support their enterprise risk management capabilities, integrate digital risk management into current processes and outline enterprise-level performance expectations for privacy risk management and cybersecurity to meet ICAM governance-related goals.
The memo recommends agencies to modernize their ICAM capabilities through the development of authoritative platforms for ICAM services and promotion of innovation through modularity.
OMB listed credential management services and identity assurance and authentication services for consumers and businesses as some of the shared services that agencies can implement to speed up ICAM capability adoption.
The draft policy also enumerated the responsibilities by the General Services Administration and the departments of Commerce and Homeland Security to improve digital identity use and management.