Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Examples and Guidance

We recommend leveraging existing resources to establish your Identity, Credential, and Access Management (ICAM) program and define roles and responsibilities across the enterprise.

On this page, you’ll find guidance to help you implement your ICAM program:

Agency Examples

Governance Structure

The figure below provides an example of an ICAM governance and program management structure implemented by the Department of Health and Human Services (HHS).

HHS ICAM Governance Structure.

ICAM PMO Charter

For an example of an ICAM Program Management Office (PMO) charter, download the HHS ICAM PMO Governance Charter (MS Word, May 2019)

Authorities to Consider

Executive Order (EO) 13800 – Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

EO 13800 provides requirements to strengthen the cybersecurity of federal networks, including holding agency heads accountable for managing cybersecurity risk to their enterprises.

“Effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources.” - EO 13800 - Section 1,b,v.

NIST Risk Management Framework

The NIST Risk Management Framework (RMF) provides an approach to managing organizational risk.

Federal Information Technology Acquisition Reform Act (FITARA) and OMB M-15-14

FITARA, a U.S. law passed in December 2014, gives federal agency CIOs significant roles in IT investments including:

  • Annual and multi-year planning
  • Budgeting
  • Reporting
  • Management
  • Governance
  • Oversight functions

OMB M-15-14 provides implementation guidance for FITARA and assists agencies in establishing effective governance.

An official website of the General Services Administration

Looking for U.S. government information and services?
Visit Edit this page