2009 IT Summit Federal CIO Council Breakout Session #5: Identity and Access Management. Federal IT Summit, October 28, 2009. Moderator: Paul Christy, SBA.

Presentation transcript:

2009 IT Summit Federal CIO Council Breakout Session #5: Identity and Access Management
Federal IT Summit, October 28, 2009
Moderator: Paul Christy, SBA
Paul Grant, DoD; Owen Unangst, USDA; Vance Hitch, USDoJ

2009 IT Summit Federal CIO Council: Identity, Credential, and Access Management in and with The Federal Government
Paul D. Grant, Special Assistant, Federated IDM and External Partnering, Office of the CIO, DoD
Federal IT Summit, October 28, 2009

3 What is ICAM?
ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach.
Key ICAM Service Areas Include:
- Digital Identity
- Credentialing
- Privilege Management
- Authentication
- Authorization & Access
- Cryptography
- Auditing and Reporting

4 President's Budget for FY 2010
Extract from Section 9, LEVERAGING THE POWER OF TECHNOLOGY TO TRANSFORM THE FEDERAL GOVERNMENT:
"To support this effort, the Federal Identity, Credential, and Access Management (ICAM) segment architecture provides Federal agencies with a consistent approach for managing the vetting and credentialing of individuals requiring access to Federal information systems and facilities. The ICAM segment architecture will serve as an important tool for providing awareness to external mission partners and drive the development and implementation of interoperable solutions."

5 ICAM Scope
- Persons / Non-Persons
- Logical Access / Physical Access
- Alignment of Federal ICAM and CNSS Identity and Access Management (National Security Systems)
- Interagency Security Committee (Physical Access Control)
- Awareness to External Mission Partners for interoperable solutions

6 FICAM Development Process
- The development process involves coordination and collaboration with Federal Agencies, industry partners, and cross-government groups.
- The Roadmap team has produced the key outputs of the FSAM needed for an ICAM segment architecture, and has coordinated these groups to develop workable approaches to enable cross-government solutions.
Groups involved:
- Committee for National Security Systems (CNSS)
- Interagency Security Council (ISC)
- Information Sharing Environment (ISE)
- White House National Science and Technology Council (NSTC)
- Office of Management and Budget
- National Institute of Science and Technology (NIST)
- Office of National Coordinator (ONC) for Health IT
- Multiple agencies represented within the CIO council subcommittees and working groups

7 Summary & Conclusions
- Strong Identity and Access Management Are Foundational to Secure Information Sharing, Collaboration and Cybersecurity
- Shared Guidance is Improving: Much Room for More Improvement
  - Clear, Concise, Consistent, Credible, For Ourselves and Our Mission Partners
  - Federal Identity, Credential, and Access Management (ICAM) is providing this consistent approach (with your help)
- Mission Partners are Fielding Strong Identity Credentials as well as Creating Federations for Sharing & Collaboration
- Progress Depends on Public-Private Partnering, Domestically and Internationally

8 Back Up Slides

9 Enabling Policy and Guidance
- The Mandate: HSPD-12, August 27, 2004
  - The Standard: FIPS-201, February 25, 2005
  - The Implementing Guidance: OMB M, August 5, 2005
  - Federal PKI Common Policy Framework; Special Publications; Technical Specs.
- The E-Gov Act of 2002
  - The Implementing Guidance: OMB M, December 16, 2003
  - The Technical Spec: SP, June 2004
- The Government Paperwork Elimination Act of 1998
  - Federal Bridge Model Policy
  - The Implementing Guidance: OMB M, December 20, 2004
  - The Implementing Guidance: OMB M, April 25, 2000

10 M-04-04: E-Authentication Guidance for Federal Agencies
OMB Guidance establishes 4 authentication assurance levels, Identity Assurance Levels (IAL):
- Level 1: Little or no confidence in asserted identity. Self-assertion; minimum standards.
- Level 2: Some confidence in asserted identity. On-line instant qualification, out-of-band follow-up.
- Level 3: High confidence in asserted identity. On-line out-of-band verification for qualification; cryptographic solution.
- Level 4: Very high confidence in asserted identity. In-person proofing; record a biometric; cryptographic solution; hardware token.

11 FICAM Roadmap & Implementation Guidance Overview
PART A: ICAM Segment Architecture (Phase 1 of the effort)
- Overview of Identity, Credential, and Access Management. Provides an overview of ICAM that includes a discussion of the business and regulatory reasons for agencies to implement ICAM initiatives within their organization.
- ICAM Segment Architecture. Standards-based architecture that outlines a cohesive target state to ensure alignment, clarity, and interoperability across agency initiatives.
- ICAM Use Cases. Illustrate the as-is and target states of high level ICAM functions and frame a gap analysis between the as-is and target states.
- Transition Roadmap and Milestones. Defines a series of logical steps or phases that enable the implementation of the target architecture.
PART B: Implementation Guidance (Phase 2 of the effort)
- ICAM Implementation Planning. Augments standard life cycle methodologies as they relate to specific planning considerations common across ICAM programs.
- Implementation Guidance. Provides guidance to agencies on how to implement the transition roadmap initiatives identified in the segment architecture, including best practices and lessons learned.

12 ICAM Overview from ICAM Segment Architecture

13 Services Framework Categorization Scheme
- Service Type: Provides a layer of categorization that defines the context of a specific set of service components.
- Service Component: A self-contained business process or service with predetermined and well-defined functionality that may be exposed through a well-defined and documented business or technology interface.

14 Services Framework
- Digital Identity: Digital Identity Lifecycle Management; Identity Proofing; Linking/Association*; Adjudication; Vetting; Authoritative Attribute Exchange
- Credentialing: Issuance; Enrollment/Registration*; Credential Lifecycle Management; Sponsorship; Self-Service*
- Privilege Management: Provisioning; Account Management*; Bind/Unbind; Privilege Administration; Resource Attribute/Metadata Management
- Authentication: Credential Validation; Biometric Validation; Session Management; Federation
- Authorization and Access: Policy Decision; Policy Enforcement; Policy Administration; Backend Attribute Retrieval
- Cryptography: Encryption/Decryption; Digital Signature*; Key Management
- Auditing and Reporting: Audit Trail*; Reports Management

15 ICAM Subcommittee Accomplishments Summary for FY 2009
- Issued "Personal Identity Verification Interoperability (PIV-I) for non-Federal Issuers" in May, 2009, providing guidance on achieving identity credentials that are consistent with the PIV Credential and trustable by the Federal community.
- Initiated work on the ICAM Segment Architecture as Part One of the ICAM Roadmap and Implementation Guidance mandated in the President's FY-10 Budget. Produced and coordinated multiple drafts. Final release is imminent.
- Published Federal profiles for the implementation of open identity solutions for interaction with the American Public. Current profiles include OpenID and InfoCard for transactions at identity assurance level one.
- Worked with Federal PKI Shared Service Providers to extend strong identity credentialing to the external community in support of PIV Interoperability.
- Published Trusted Framework Providers Adoption Process.
- Conducted ICAMSC leadership outreach to other identity initiatives in the Federal community, in order to foster a "Clear, Concise, Consistent and Credible" message for ourselves and our external partners; and further socialized this message with state governments and industry through participation in multiple conferences and meetings.
- Developed ICAM Work Plan for 2010.

2009 IT Summit Federal CIO Council
Owen Unangst, Director of Innovation, US Department of Agriculture

17 USDA's ICAM Model: Implementing Policies, Procedures & Technologies
[Architecture diagram. Components shown: Enterprise SSO; EEMS (EEMS Administration, Auditing and Reporting, Monitoring, Workflow Engine, Rules Engine); authoritative sources NEIS, PayPers, EmpowHR (EmpowHR Person Model); targets Stand-Alone Servers, Mainframe, AS/400, Active Directories, ePACS, HSPD-12, VPN/NAC, eAuthentication; Identity Management System; Provisioning System; Enterprise Directory; Enterprise & Business Apps. Legend: Available Now (Phase 1); In Progress (Phase 1a); FY 10 Deliverables (Phase 2).]

18 Example Utilization: Single Sign-On
- Desktops
- Laptops
- VPN's
- eAuthentication
- Whole Disk Encryption
- Encrypted Thumb Drives

19 Example Utilization: Physical Access Controls
- For "Ultimately" 220 MCF's
- National Infrastructure in Place
- Almost 100 Facilities Already Connected
- Authentication Controlled Nationally
- Authorization Controlled Locally

20 Example Utilization: Role Based Access Control
New Process:
  If "Loan Officer" = True Then Do not add role = "Loan Approver"
Manual Process:
- Over 200 persons to manage roles
- 73 to handle audit issues
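The slide's rule ("if Loan Officer then do not add Loan Approver") is a separation-of-duties constraint on role provisioning. The following is an added example, not USDA's code, that enforces such constraints at grant time and also audits existing assignments for violations; the role names, user records and the `SOD_CONSTRAINTS` list are constructed for illustration.

```python
# Added example (not from the USDA slides): role provisioning with a
# separation-of-duties (SoD) check, plus an audit pass over legacy assignments.
# Role names, users and constraints below are constructed for illustration.
from dataclasses import dataclass, field

# Mutually exclusive role pairs: a user may hold at most one role of each pair.
SOD_CONSTRAINTS = [
    frozenset({"Loan Officer", "Loan Approver"}),
]


@dataclass
class User:
    user_id: str
    roles: set = field(default_factory=set)


def conflicting_roles(roles, new_role, constraints=SOD_CONSTRAINTS):
    """Return the roles already held that conflict with new_role."""
    conflicts = set()
    for pair in constraints:
        if new_role in pair:
            conflicts |= (pair - {new_role}) & roles
    return conflicts


def add_role(user, new_role, constraints=SOD_CONSTRAINTS):
    """Grant new_role unless it violates a constraint.

    Returns (granted, reason); the reason string is the audit record.
    """
    if new_role in user.roles:
        return False, f"{user.user_id}: already holds {new_role}"
    conflicts = conflicting_roles(user.roles, new_role, constraints)
    if conflicts:
        held = ", ".join(sorted(conflicts))
        return False, f"{user.user_id}: denied {new_role}; conflicts with {held}"
    user.roles.add(new_role)
    return True, f"{user.user_id}: granted {new_role}"


def audit_violations(users, constraints=SOD_CONSTRAINTS):
    """Find users whose current roles already break a constraint.

    Useful for assignments that predate the automated rule.
    """
    findings = []
    for u in users:
        for pair in constraints:
            if pair <= u.roles:
                findings.append((u.user_id, tuple(sorted(pair))))
    return findings


if __name__ == "__main__":
    alice = User("alice", {"Loan Officer"})
    print(add_role(alice, "Loan Approver"))  # denied by the SoD rule
    bob = User("bob")
    print(add_role(bob, "Loan Approver"))    # granted
    legacy = User("carol", {"Loan Officer", "Loan Approver"})
    print(audit_violations([alice, bob, legacy]))
```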

21 Example Utilization: Network Admission Control
[Network diagram. Wired path: Distribution Layer Switch, Network Access Controller, Remediate. Wireless path: Wireless Access Point. Remote Access via VPN and IDS; Local Access. Devices are checked against the USDA Enterprise Directory and User Roles; Health Check: Pass admits the device, Health Check: Fail routes it to remediation. NAC Agent (BigFix) checks: Anti-X; Patch Management; Disk Encryption; FDCC; File Integrity Checking; Host-Based FW; Host-Based IPS; Data Loss Prevention. ASOC Auditing and Reporting.]

22 Example Utilization: Digital USDA
Scope:
- Adobe Acrobat files and forms, Versions 8 & 9
- Microsoft Office (Word, Excel, PowerPoint), Versions 2003 & 2007
- Microsoft Outlook, Versions 2003 & 2007
- Business Transactions

2009 IT Summit Federal CIO Council
Vance Hitch, Chief Information Officer, US Department of Justice

Identity, Credential, and Access Management: Today's Law Enforcement Environment
Today's World
- Law Enforcement Agencies rely on their numerous systems to provide critical information to officers
- Some systems are internal to an agency but many more are parts of a national network
  - Internal Records Management systems
  - Regional Information Sharing Networks (LINK's, ARGIS, etc.)
  - National Systems: CJIS, NCIC, N-DEx, IAFIS (NGI), NICS
- The end goal is to provide the "Right Information to the Right Person, at the Right Times"
- The end result is to provide officers and analysts with critical information that keeps them and the American Public safe and secure.

Identity, Credential, and Access Management: How are we accomplishing this mission?
- We have developed a trusted relationship with limited access points for information sharing
- We communicate over trusted networks like:
  - CJIS WAN
  - LEO
  - RISS
  - HISN
- Established through policies and procedures developed by participants and governing boards such as the FBI's APB
- Supported through the use of MOU's signed by all participants that dictate how and what we will share

Identity, Credential, and Access Management: Problem
- Today's world requires users to have passwords for every system they access.
- Each system must validate and manage access to its own system.
- There is a need to have individuals' identities validated, managed and vouched for by trusted organizations in a secure way so that other entities do not have to redo it.

Identity, Credential, and Access Management: Examples of Ongoing Federated Identity Management Initiatives
- Global Federated Identity & Privilege Management (GFIPM)
- CJIS Federated Identity Management Services (FIMS)
- DOJ's Trusted Broker pilot
  - The DOJ currently provides a "trusted broker" pilot to help enable organizations to connect Identity Providers to Service Providers more simply and inexpensively
- These initiatives are complementary, not competitive, and are interoperable today

Identity, Credential, and Access Management: DOJ's Trusted Broker Pilot
- Currently Deployed to 4,400 users at: DOJ, Chicago PD, RISS, LEO
- Service Providers:
  - JABs
  - HISIN-Intel
  - LEO-Intelink
  - RISS-Intelink
  - Criminal Information Sharing Alliance Network (Southwest Border)
  - RISSNET Portal
  - myFX (secure internet file sharing offered by DOJ)
- New Service Providers in process: N-DEx, Tripwire, Bomb & Arson Tracking Systems (BATS, ATF), NGIC

Identity, Credential, and Access Management: Trusted Broker Operation

Identity, Credential, and Access Management: Federated Identity Management Using a Trusted Broker Solution
Benefits:
- More information available to more users
- Single sign-on (enhanced user experience)
- Comprehensive audit capability
- Improved alliances across government entities
- Streamlined vetting (cost avoidance/reduction)
- Improved interoperability
- Improved security
  - Vetting is done closer to user
  - More secure authentication mechanisms
  - Dynamic de-provisioning

2009 IT Summit Federal CIO Council
Questions?