System Component Examples

Component examples include sample enterprise ICAM tools (e.g., solutions, applications, and software) aligned with ICAM service areas that illustrate ICAM functionality at an agency. The component examples are designed for enterprise architects, security engineers, and solution architects to facilitate discussions about the technology solutions to integrate with enterprise applications and the business requirements those solutions must meet.

The system components are representative examples only. Some solutions chosen by your agency may span more than one service area.

The following figure shows an example for a small selection of system components only. You can modify the graphic to incorporate as-is and target-state system components for enterprise roadmap planning.

A diagram that shows example components for each service area, and relationships between practice areas.

Authoritative Sources

An authoritative source is a trusted repository of identity attribute data. It’s possible to have multiple authoritative sources for attributes.

Authoritative source system components may include:

  • Human Resource systems such as payroll, time and attendance, and benefits administration
  • Agency or government-wide Learning Management Systems
  • Agency or government-wide Personnel Security systems for security and suitability
  • Directory services, including on-premises or cloud-based directory services
  • Other external or internal sources

Identity Management Systems

Identity Management Systems are how an agency manages the identity lifecycle.

Identity management system components may include:

  • Identity lifecycle management services including provisioning and workflow
  • Role management or role manager applications
  • Identity correlation or aggregation
  • Directory management

Access Management Systems

Access Management Systems are how an agency leverages credentials to authenticate individuals and authorize access to protected resources.

Access management system components may include:

  • Enterprise single sign-on (eSSO) applications
  • Web access management applications
  • Physical or facility access control systems
  • Privileged access management applications
  • Access policy and access rules repositories
  • Policy enforcement points
  • Policy decision points
  • Virtual private networks
  • Cloud access security brokers
  • Network access management tools

Credential Management Systems

Credential Management Systems are how an agency manages an authentication token bound to an identity.

Credential management system components may include:

  • PIV credential service provider solutions
  • Other, non-PKI, credential service provider solutions
  • Federated certification authorities
  • Private certification authorities
  • Key management services
  • Enterprise certificate managers
  • Multi-factor authentication managers for software and hardware tokens
  • Password managers

Governance Systems

Governance is the set of components used to centralize management, develop insights, and assist in managing ICAM areas and services. Applications across all service areas include auditing capabilities, such as standard audit logs or configuration of auditable events. Governance includes the aggregation of individual auditing and reporting into centralized tools to perform real-time or near real-time analysis, identify anomalies, and trigger mitigations for anomalous authentication or authorization events. Tools are increasingly incorporating machine learning or adaptive algorithms.

Governance system components may include:

  • Identity governance solutions to perform access re-certifications
  • IT Service Management (ITSM)
  • Security information and event management (SIEM)
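As an added example that is not part of the playbook, the governance pattern described above, aggregating audit events from several service areas into one place so that cross-system anomalies can be detected and a mitigation triggered, sketched in Python. The log format, the field names and the two detection rules are assumptions made for this illustration, and the events are constructed sample data.

```python
"""Centralized correlation of ICAM audit events across service areas (illustrative)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines from three assumed sources: the identity
# management system (idm), web access management (wam) and the physical
# access control system (pacs). Field names are assumptions for this example.
SAMPLE_EVENTS = [
    "2024-05-01T08:00:00Z source=idm user=jdoe event=deprovision",
    "2024-05-01T08:05:00Z source=wam user=jdoe event=auth result=success app=hr-portal",
    "2024-05-01T09:00:00Z source=wam user=asmith event=auth result=fail app=mail",
    "2024-05-01T09:00:20Z source=wam user=asmith event=auth result=fail app=mail",
    "2024-05-01T09:00:40Z source=pacs user=asmith event=auth result=fail door=lobby",
    "2024-05-01T09:01:00Z source=wam user=asmith event=auth result=fail app=vpn",
    "2024-05-01T09:30:00Z source=wam user=bwong event=auth result=success app=mail",
]


def parse(line):
    """Normalize one 'timestamp key=value ...' line into a dict with a datetime 'ts'."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def correlate(lines, fail_threshold=3, window=timedelta(minutes=2)):
    """Return mitigation triggers as (user, rule, action) tuples, in event order."""
    events = sorted((parse(line) for line in lines), key=lambda e: e["ts"])
    deprovisioned = {}            # user -> time the identity lifecycle ended
    failures = defaultdict(list)  # user -> recent failure timestamps, any source
    triggers = []
    for ev in events:
        user = ev["user"]
        if ev["source"] == "idm" and ev["event"] == "deprovision":
            deprovisioned[user] = ev["ts"]
            continue
        if ev["event"] != "auth":
            continue
        # Rule 1: successful access after the identity was deprovisioned means the
        # access management side did not pick up the lifecycle change.
        if ev["result"] == "success" and user in deprovisioned and ev["ts"] > deprovisioned[user]:
            triggers.append((user, "access-after-deprovision", "disable-credential"))
        # Rule 2: repeated failures across *any* source inside the window, a pattern
        # no single system sees on its own; fires once when the threshold is reached.
        if ev["result"] == "fail":
            recent = [t for t in failures[user] if ev["ts"] - t <= window]
            failures[user] = recent + [ev["ts"]]
            if len(failures[user]) == fail_threshold:
                triggers.append((user, "cross-system-auth-failures", "require-step-up"))
    return triggers
```

Running `correlate(SAMPLE_EVENTS)` flags jdoe for access after deprovisioning and asmith for failures spread across the web and physical access systems.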

Agency Endpoints

Agency endpoints are resources that an agency needs to protect, including physical and digital resources.

Agency endpoints may include:

  • On-premises applications
  • Cloud-based applications and platforms
  • Agency private networks
  • Government cloud email services
  • Government facilities