ICAM Program Management Guide Introduction
The ICAM Program Management Guide explains how to plan and implement an Identity, Credential, and Access Management (ICAM) Program, as outlined in the Federal Identity, Credential, and Access Management (FICAM) Architecture. In this guide, you’ll find content for ICAM program managers who need agency-level planning guides to drive adoption of ICAM services within their organizations, as well as how to govern the program, identify and communicate with stakeholders, manage risk, and other related topics.
This guide answers the most common ICAM program organization and management questions, including:
- How can I establish governance to ensure ICAM alignment at the agency level?
- Who are my key ICAM stakeholders?
- What best practices support ICAM implementation?
The guide is organized by sections, each of which describes an essential feature of ICAM program management, including recommendations and lessons learned from agencies who have implemented ICAM programs.
The content for this guide is based on the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance v2.0
What is ICAM Program Management?
“The interwoven technical architecture of the Federal Government creates complexity in managing access to resources, safeguarding networks, and protecting information…each agency must harmonize its enterprise-wide approach to governance, architecture, and acquisition.” - OMB Memorandum M-19-17
An agency’s Identity, Credential, and Access Management (ICAM) program requires leadership to manage and oversee the program’s complex requirements, engage and collaborate with stakeholders, and apply proven risk management strategies to support the agency.
The following list includes the necessary components of a federal ICAM program. This guide offers advice for each component:
- Program Governance and Leadership - Establish operational policies and requirements.
- Workstreams - Categorize tasks and assign them to the proper resources.
- Stakeholder Management - Identify and communicate with stakeholders.
- Communication Plan - Define and appropriately communicate program objectives and goals.
- Performance Management - Measure and report progress, effectiveness, and improvements.
- Privacy Requirements - Manage risks associated with handling personally identifiable information (PII).