Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Performance Management

Program leadership and stakeholders need tools to monitor progress, determine program effectiveness, and identify areas of improvement. To accomplish this, assign performance measurements to your agency’s Identity, Credential, and Access Management (ICAM) program.

OMB Memorandum M-19-17 identifies two key performance measurements that help agencies establish effective ICAM governance:

1) Outline enterprise-level performance expectations for cybersecurity and risk management through each user’s lifecycle, including changes in the user’ s access privileges. 2) Streamline and automate enterprise-level performance reporting, aligned with existing and planned reporting and analytics structures and tools, such as the Continuous Diagnostics and Mitigation (CDM) dashboards and Federal Information Security Management Act (FISMA) reporting.

We also recommend that you follow government-wide ICAM metrics, such as Cross-Agency Priority (CAP) Goals and CIO FISMA metrics. These metrics are an existing foundation for reporting requirements and performance measurement and accomplish the following goals:

  • Reduce the time needed to prepare external reports.
  • Provide synchronized data points for government-wide leadership, agency leadership, and program managers.
  • Represent comprehensive measurements that cover transactions between the federal government and its employees, contractors, business partners, and citizens.

Implementation Tips

Incorporate relevant metrics in your Exhibit 300 for any ICAM investment to track investment results and communicate value to your agency.

Tie your agency’s ICAM program accomplishments directly to the responsible individual’s yearly performance plan. This helps leadership and management assume ownership and feel accountable for the ICAM program’s success.