Identity, Credential, and Access Management (ICAM)
What is ICAM?
According to the CIO of the federal government, ICAM (“Identity, Credentialing, and Access Management”) is the federal government’s policy framework outlining “all the tools, policies, and systems that allow an organization to manage, monitor, and secure access to protected resources.” This policy dictates how agencies of the federal government must “identify, credential, monitor, and manage subjects that access Federal resources” with a special focus on managing risk, identifying which resource was accessed, and aligning outcomes to agency missions.
What can we use ICAM for?
ICAM lays out expectations around proofing identity, establishing digital identities, and adopting sound processes for authentication and access control, since these have the potential to significantly impact individual privacy, as well as the security and delivery of services. The framework also highlights how identity management is used to access both physical and digital resources, guided by the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63-3, as well as a suite of related identity management publications from NIST, as well as the Department of Homeland Security and the Office of Personnel Management. The overarching goal is to “form a comprehensive approach to identity proofing that safeguards privacy and security.”