Federal Identity Management

Presentation transcript:

Federal Identity Management www.idmanagement.gov The Future of Federal Identity Management Judith Spencer Agency Expert - IDM Office of Governmentwide Policy GSA Judith.Spencer@GSA.Gov

What is ICAM?
ICAM represents the intersection of digital identities, credentials, and access control into one comprehensive approach.
Key ICAM Service Areas Include:
- Digital Identity
- Credentialing
- Privilege Management
- Authentication
- Authorization & Access
- Cryptography
- Auditing and Reporting

ICAM Drivers
- Increasing Cybersecurity threats
- There is no National, International, Industry “standard” approach to individual identity on the network. (CyberSecurity Policy Review)
- Security weaknesses found across agencies included the areas of user identification and authentication, encryption of sensitive data, logging and auditing, and physical access (GAO-09-701T)
- Need for improved physical security
- Lag in providing government services electronically
- Vulnerability of Personally Identifiable Information (PII)
- Lack of interoperability
- “The ICAM segment architecture will serve as an important tool for providing awareness to external mission partners and drive the development and implementation of interoperable solutions.” (President’s FY2010 Budget)
- High costs for duplicative processes and data management

ICAM Scope: Non-Persons, Persons, Logical Access, Physical Access

FICAM Development Process
The development process involves coordination and collaboration with Federal Agencies, industry partners, and cross-government working groups. The Roadmap team identified the key outputs of the Federal Segment Architecture Methodology (FSAM) needed for an ICAM segment architecture and coordinated these groups to develop workable approaches to enable cross-government solutions.
- Interagency Security Committee (ISC)
- Information Sharing Environment (ISE)
- White House National Science and Technology Council (NSTC)
- Committee for National Security Systems (CNSS)
- Office of Management and Budget
- National Institute of Standards and Technology (NIST)
- Office of National Coordinator (ONC) for Health IT
- Multiple agencies represented within the CIO council subcommittees and working groups

Components of the ICAM Segment Architecture
- Performance Architecture
  - Outlines strategic vision for ICAM
  - Includes 32 performance metrics, 4 of which will be tracked on data.gov
- Business Architecture
  - 11 use cases representing high level government-wide ICAM functions
  - Supports IEE, G2G, G2B, and G2C scenarios
- Data Architecture
  - Details data sources and elements supporting each use case
  - Illustrates the flow of information within the use cases
- Service Architecture
  - Defines service types and components specific to ICAM
  - Supports the Federal Enterprise Architecture Service Reference Model
- Technical Architecture
  - Comprise the high level vision of the technical architecture
  - Target state moves towards shared agency and federal infrastructures

ICAM Goals and Objectives
The Federal ICAM Roadmap addresses unclassified federal identity, credential, and access management programs and demonstrates the importance of implementing the ICAM segment architecture in support of five overarching strategic goals and their related objectives.

Eleven Use Cases Covering:

Measuring Success

On-Going Activities
- PIV Interoperability: Defining the parameters for an industry smart card that emulates the PIV credential
- FIPS 201 is limited to the Federal community
- External interoperability/trust is achievable
- Trust Framework Providers and Scheme Adoption
- Non-cryptographic solutions at lower levels of assurance
- Industry self-regulation with government recognition
- Working with Open Solutions to enable open government
- Federal PIV deployment exceeds 70%
- LACS deployment beginning
- PACS demonstration system operational

Increasing the Trusted Credential Community
- Back to Basics – M-04-04 and NIST 800-63 are still the foundational policy/technical guidance for identity management in the Federal government.
- Establish unified architecture for Identity Management
- Expand our use of Assertion-based solutions (Levels 1&2)
- Stronger industry alignment for trust and technology standards
- Federal Bridge interoperability will continue to play a role at Levels 3 & 4
- Outreach to communities of interest
- Explore natural affinities

M-04-04: E-Authentication Guidance for Federal Agencies: Assurance Levels
OMB Guidance establishes 4 authentication assurance levels:
- Level 1: Little or no confidence in asserted identity
- Level 2: Some confidence in asserted identity
- Level 3: High confidence in asserted identity
- Level 4: Very high confidence in the asserted identity
This synopsizes the four levels of assurance and some of the high level security controls at each level.
- On-line with out-of-band verification for qualification
- Cryptographic solution
- Self-assertion minimum records
- On-line, instant qualification – out-of-band follow-up
- In person proofing
- Record a biometric
- Cryptographic Solution
- Hardware Token
- Assertion-based
- Crypto-based

Maximum Potential Impacts
FIPS 199 Risk/Impact Profiles
Assurance Level Impact Profiles: 1, 2, 3, 4
Potential Impact Categories for Authentication Errors:
- Inconvenience, distress or damage to standing or reputation: Low Mod High
- Financial loss or agency liability
- Harm to agency programs or public interests: N/A
- Unauthorized release of sensitive information
- Personal Safety
- Civil or criminal violations

Goals
- Leverage Industry credentials for Government use
- Make Government more transparent to the Public
- Make it easier for American Public to access government information
- Avoid issuance of application-specific credentials
- Leverage Web 2.0 technologies
- Demonstrate feasibility with application(s) assessed at Assurance Level 1
- Support applications at higher assurance levels as appropriate

Enabling e-Government
- Business Process Redesign will result in standardized interfaces for logical access
- Streamlined access control/provisioning
- Well-understood Federated trust at multiple levels of assurance
- Level 4 will require PIV-I
- Levels 1-3 will recognize multiple solutions/identity schemes
- Greater trust in external credential validity
- Repeatable process

Summary
- Identity and Access Management Are Foundational to Information Sharing and Collaboration
- First release of Trust Framework Provider Approval Process and Identity Scheme Adoption Process available for public review: www.idmanagement.gov
- Industry Partners are Fielding Identity Credentials as well as Creating Federations for Sharing & Collaboration
- Open ID Foundation
- infoCard Foundation
- InCommon Federation
- Progress Depends on Public-Private Partnering