Federal ICAM Architecture Introduction

This site is the home of the Federal Identity, Credential, and Access Management (FICAM) Architecture. These pages describe the basics of ICAM, the FICAM Architecture, and how you can use this information to facilitate enterprise ICAM practices at your agency.

FICAM is the federal government’s implementation of Identity, Credential, and Access Management (ICAM).

ICAM is the set of tools, policies, and systems that an agency uses to enable the right individual to access the right resource, at the right time, for the right reason in support of federal business objectives.

This version of the FICAM Architecture encompasses the enterprise ICAM policies, technologies, and system approaches for government employees, contractors, and authorized partners. Citizen interactions with the federal government - or consumer ICAM - are not covered under this version of the FICAM Architecture.

The following diagram is a high-level view of the ICAM practice areas and supporting elements.

A diagram with definitions and icons for identity, credential, and access management and definitions for federation and governance.

The FICAM Architecture includes government-wide enterprise architecture views with the flexibility to support each agency’s unique business or mission needs. Use the FICAM Architecture as a tool to continuously improve upon your agency’s approach and align with federal security and privacy initiatives.

Copy the graphics and text throughout this playbook to use at your agency to drive ICAM awareness, strategy developments, and communications.

What Is ICAM?

ICAM is the set of tools, policies, and systems that an agency uses to enable the right individual to access the right resource, at the right time, for the right reason in support of federal business objectives.

Agencies implement ICAM services and solutions to unify their IT services, improve physical access control, and improve information security and decisions. Understanding the building blocks of ICAM is key to understanding the FICAM Architecture. ICAM has three practice areas and two supporting elements. The supporting elements enhance the capabilities of the practice areas.

ICAM Practice Areas

Three hexagons with the letters I, C, and A. The I is highlighted in orange for Identity Management.

Identity Management is how an agency collects, verifies, and manages attributes to establish and maintain enterprise identities for employees and contractors.

Three hexagons with the letters I, C, and A. The C is highlighted in green for Credential Management.

Credential Management is how an agency issues, manages, and revokes credentials bound to enterprise identities.

Three hexagons with the letters I, C, and A. The A is highlighted in blue, for Access Management.

Access Management is how an agency authenticates enterprise identities and authorizes appropriate access to protected services.

ICAM Supporting Elements

Three hexagons with the letters I in orange, C in green, and A in blue, with a gray banner for Federation.

Federation is the technology, policies, standards, and processes that allow an agency to accept digital identities, attributes, and credentials managed by other agencies.

Three hexagons with the letters I in orange, C in green, and A in blue, with a navy banner for Governance.

Governance is the set of practices and systems that guides ICAM functions, activities, and outcomes.

What Is the FICAM Architecture?

FICAM is the federal government’s enterprise approach to design, plan, and execute common ICAM processes.

The FICAM Architecture is a framework for an agency to use in ICAM program and solution roadmap planning. The FICAM Architecture focuses on enterprise identity processes, practices, policies, and information security disciplines.

A federal enterprise identity is the unique representation of an employee, contractor, or enterprise user, which could be a mission or business partner, or even a device or technology managed by a Federal agency to achieve its mission and business goals (OMB Memorandum 19-17).

Who Is the FICAM Architecture for?

The FICAM Architecture is for agency personnel. An enterprise architecture is primarily used by:

Senior Federal IT and Agency Stakeholders to understand the concepts for identity and access management services and the basic use cases supporting business objectives.
Program Managers to find common definitions and frameworks for use in planning.
Enterprise and Application Architects to use a common framework for designing and governing IT systems, applications, and implementations.

What Is the History of the FICAM Architecture?

The FICAM Architecture was created in 2009 to provide a common ICAM segment architecture for federal agencies. The FICAM Architecture was the primary foundation of what later became the FICAM Roadmap and Implementation Plan enhanced with complementary implementation sections.

In 2015, ICAM experts from across the federal government collaborated on an updated FICAM Architecture. This update was intended to be more concise, easy to understand, and visually appealing while reflecting the latest updates in cybersecurity, enterprise architecture, and ICAM policy and technology.

This site contains the current 2020 update for the FICAM Architecture. The FICAM Roadmap and Implementation Guidance v2.0 is superseded by both the FICAM Architecture updates and other complementary modernized playbooks developed by ICAM committees across government.