The Justice Department plans to develop a new identity, credential and access management (ICAM) record system to serve as “a central and authoritative identity management data repository for DOJ identity information.”
The department recently made the disclosure in a filing in the Federal Register. The new system will be a part of the department’s Enterprise Identity, Credential, and Access Management services. It will combine user information from various data sources to “provide a centralized and authoritative identity governance solution,” according to the filing.
The system will serve as DOJ’s record repository for DOJ Identity Services, a program that allows DOJ management and IT staff to monitor and manage enterprise identities of agency employees, contractors and mission or business partners.
According to the filing, the DOJ will “collect and maintain identity records in order to manage enterprise accounts across DOJ components and business units.” That includes activities such as account requests, creation, modification, removal and annual account recertification across DOJ components.
Like other federal agencies, the DOJ is responsible under the Federal Information Security Modernization Act of 2014 for complying with policies and procedures issued by the Office of Management and Budget and for putting in place cybersecurity protections “commensurate with the risk and magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of DOJ information and information systems.”
OMB Introduces a New Federal Identity Policy
The DOJ’s proposed system comes as the government is revamping its approach to ICAM. In May, OMB issued a final, revised ICAM policy for the government. The policy shows how the state of play around ICAM and identity governance has continued to evolve alongside the cybersecurity threats that agencies face.
A key element of the policy is the need to execute effective ICAM governance, including the need to “define and maintain a single comprehensive ICAM policy, process, and technology solution roadmap, consistent with agency authorities and operational mission needs,” the memo notes.
Further, the policy directs agencies to “establish authoritative solutions for their ICAM services by rationalizing the ICAM capabilities that they will keep, replace, retire, or consolidate.” OMB encouraged agencies “to promote flexible and scalable solutions that can work across the agency and change as mission needs evolve.”
OMB says agencies must ensure that ICAM solutions they deploy are “interchangeable, use commercially available products, and leverage open Application Programming Interfaces (APIs) and commercial standards to enable componentized development and promote interoperability across all levels of government.”
According to a 2018 digital trust survey sponsored by Unisys, about two-thirds (64 percent) of federal government IT leaders view identity management solutions as a “very important” way to address the growing cybersecurity threat to their agencies.
As agencies shift their cybersecurity strategies from perimeter defense to protecting high-value assets, it will become more important than ever for their security teams to know at a granular level who is on the network and which users have access to what data.