The White House Office of Management and Budget (OMB) has proposed identity, credential and access management (ICAM) guidelines for federal agencies.These guidelines are designed to strengthen the cybersecurity of federal agencies through the development and management of effective ICAM policies, according to a memo from OMB Director Mick Mulvaney.The proposed OMB cybersecurity guidelines outline government-wide ICAM responsibilities across the following areas: In addition, the OMB cybersecurity guidelines include updates to previous cybersecurity requirements in several areas, such as:Federal agencies must be able to identify, credential, monitor and manage user access to information and information systems, Mulvaney noted. With the proposed OMB cybersecurity guidelines, federal agencies can streamline their ICAM policy management and ensure they are protected against evolving cyberattacks.
- Implementation of effective ICAM governance. Federal agencies must follow the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-63 and Homeland Security Presidential Directive 12 (HSPD-12) security requirements.
- Modernization of federal agency ICAM capabilities. Federal agencies must deploy ICAM services and solutions that are not fragmented or duplicative.
- Federal agency adoption of shared ICAM services and solutions. Federal agencies must leverage shared ICAM services and solutions, including credential management and identity assurance and authentication offerings.
- Digital signatures.
- Encryption.
- Multi-factor authentication (MFA).