ICAM Program Management Introduction
The ICAM Program Management Playbook explain how to plan and implement an Identity, Credential, and Access Management (ICAM) Program, as outlined in the Federal Identity, Credential, and Access Management (FICAM) Architecture. You’ll find content for ICAM program managers who need agency-level planning best practices to drive adoption of ICAM services within their organizations. You’ll also find information on how to govern the program, identify and communicate with stakeholders, manage risk, and other related topics.
The ICAM PM Playbook will answer the most common ICAM program organization and management questions, including:
- How can I establish governance to ensure ICAM alignment at the agency level?
- Who are my key ICAM stakeholders?
- What best practices support ICAM implementation?
The content is based on the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance v2.0
What Is ICAM Program Management?
“The interwoven technical architecture of the Federal Government creates complexity in managing access to resources, safeguarding networks, and protecting information…each agency must harmonize its enterprise-wide approach to governance, architecture, and acquisition.” - OMB Memorandum M-19-17
An agency’s Identity, Credential, and Access Management (ICAM) program requires leadership to manage and oversee the program’s complex requirements, engage and collaborate with stakeholders, and apply proven risk management strategies to support the agency.
The following list includes the necessary components of an ICAM program.
- Program Governance and Leadership - Establish operational policies and requirements.
- Workstreams - Categorize tasks and assign them to the proper resources.
- Stakeholder Management - Identify and communicate with stakeholders.
- Communication Plan - Define and appropriately communicate program objectives and goals.
- Performance Management - Measure and report progress, effectiveness, and improvements.
- Privacy Requirements - Manage risks associated with handling personally identifiable information (PII).