OMB Issues Updated Identity, Credential & Access Management Policy

Jeff Brody

The Office of Management and Budget issued a memorandum updating the identity, credential and access management policy for federal agencies.

Agencies should transition their ICAM strategies and platforms from the levels of assurance model towards a new framework “informed by risk management perspectives, the federal resource accessed and outcomes aligned to agency missions,” according to the memo issued Tuesday by Russell Vought, acting OMB director. 

The document directs agencies to comply with the requirements set by the Office of Personnel Management with regard to issuing and revoking personal identity verification credentials and implement measures to manage access control. Under the memo’s Shifting the Operating Model beyond the Perimeter section, agencies are advised to include in all contracts a requirement to comply with the Homeland Security Presidential Directive 12 and Federal Information Processing Standard 201 for contracting staff. 

The policy recommends the use of Tier 2 and best-in-class contract vehicles, shared services and the Continuous Diagnostics and Mitigation program to acquire digital certificates and other ICAM-related capabilities. OMB enumerated ICAM-related directives and deadlines for the departments of Homeland Security and Commerce, General Services Administration and OPM. 

You may also be interested in...

Army Multi-Domain

Army Activates 2nd Multi-Domain Task Force in Germany for Defeating A2/AD Networks; Col. Jonathan Byrom Quoted

U.S. Army Europe and Africa has activated the 2nd Multi-Domain Task Force, a group tasked to stop adversary anti-access/area-denial networks in land, air, water, space and other environments. The 2nd MDTF will be based at the Clay Kaserne installation in Wiesbaden, Germany, and will be led by Col. Jonathan Byrom, the Army said Friday.