Stakeholder Management
A stakeholder is an individual or organization that has an interest in the program, either because the stakeholder is actively involved in the program or might be affected by the program’s outcome.
This page describes how to work with stakeholders by doing the following:
-
Identify Stakeholders - determine the individuals or agencies that will be involved or actively interested in your Identity, Credential, and Access Management (ICAM) program. The tables on this page provide a starting point to identify key ICAM stakeholders at the federal and agency levels.
-
Manage Stakeholders - establish effective communication and processes among your stakeholders.
Identify Stakeholders
Stakeholders can be internal or external to the agency. Internal stakeholders may include the program sponsor, steering committee, or governance board, and external stakeholders may include suppliers, investors, community groups, and other government organizations.
To understand the impacts of program decisions, you’ll need to identify all stakeholders for your mission delivery, not just those who may be positively affected by the project.
Federal Governance Bodies
| Office of Management and Budget (OMB) | Assists the President in overseeing the preparation of the federal budget and supervises its administration in Executive Branch agencies. Provides policy, direction, and oversight for the implementation of ICAM initiatives. Serves as the lead agency for E-Government implementation. |
| Federal Chief Information Officers (CIO) Council | Improves practices in the design, modernization, use, sharing, and performance of federal government agency information resources. Charters the work of the following: • Federal PKI Policy Authority. • Identity, Credential, and Access Management Subcommittee (ICAMSC). |
| Federal Chief Information Security Officer (CISO) Council | Oversees interagency CISO collaboration and communication. Identifies and recommends strategic high-priority IT security initiatives to advise the CIO Council and OMB. Focuses on the following strategic areas: • Identity management. • Comprehensive risk assessment and framework. • Vulnerability response. • Shared services. • Performance metrics. |
| Identity, Credential, and Access Management Subcommittee (ICAMSC) | Oversees identity management, secure access, authentication, authorization, credentials, privileges, and access lifecycle management. Is a subcommittee of the CISO Council. Provides opportunities for agencies to raise issues and challenges associated with the planning, implementation, and operations of ICAM programs and solutions. Recommends new ICAM policies and updates existing ones. Develops specific tools to assist agencies’ abilities to meet ICAM policy objectives and overcome identified ICAM implementation challenges Fosters cross-government collaboration on information sharing, lessons learned, and best practices related to ICAM. |
| Federal Privacy Council | Improves agency practices for the protection of privacy. Serves as an interagency coordination group for Senior Agency Officials for Privacy and Chief Privacy Officers in the federal government, promoting adherence to the letter and spirit of laws and best practices advancing privacy. |
| Department of Homeland Security (DHS) | Oversees government-wide and agency-specific cybersecurity implementation and reporting for information systems that fall under the Federal Information Security Management Act (FISMA). Provides adequate, risk-based, and cost-effective cybersecurity. |
| Office of Personnel Management (OPM) | Develops policies and procedures to ensure the effective, efficient, and timely completion of investigations and adjudications when determining if candidates for employment or direct contract support for federal agencies are eligible for access to federal resources. Serves as the suitability executive agent for the federal government. |
| Suitability and Security Clearance Performance Accountability Council (PAC) | Develops policies and procedures related to suitability, fitness, and clearance determination activities and processes. Serves as the most senior policy-making entity for the security and suitability reform effort and provides final determinations for resulting reports. |
| Interagency Security Committee (ISC) | Develops standards, policies, and best practices to enhance the quality and effectiveness of physical security in, and the protection of, nonmilitary federal facilities in the United States. |
| National Science and Technology Council (NSTC) | Coordinates science and technology policy across the federal research and development enterprise. |
Internal Standards Body
| National Institute of Standards and Technology (NIST) | Promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. |
External Service Customers
| American Public and Businesses | Individuals and businesses that require access to government systems and resources. The governmentwide approach to ICAM must address the varying needs of these communities, focusing mainly on the characteristics of the two user segments: Government-to-Citizen (G2C) and Government-to-Business (G2B). |
| State, Local, Foreign, and Tribal Governments | Governments that transact business on behalf of their constituencies or higher levels of government. Partner with the federal government on identity management initiatives. |
Agency-Level Stakeholders
| Agency Partners and Affiliates | Contractors working on behalf of the federal government and affiliates that do business with or consume the services provided by federal agencies. Portions of this population use PIV credentials to access agency facilities and information systems while others use non-PIV credentials and require only occasional access to agency assets. |
| Business Process/System Owners | Individuals within an agency responsible for managing a set of activities, programs, and systems that are critical to operations and use ICAM services. |
| General Counsel | Provides legal oversight over an agency’s ICAM program, administering security clearance review programs and ensuring that ICAM programs abide by all applicable laws and regulations. |
| Human Resources (HR) | Collects information on federal employees. Creates a digital identity for each employee within the agency’s HR applications. |
| Office of the Chief Financial Officer (OCFO) | Processes and submits budget requests for ICAM investments. Ensures that each agency investment leverages ICAM requirements and tools. |
| Office of the Chief Information Officer (OCIO) | Coordinates with the agency’s Chief Financial Officer (CFO) to ensure that the IT programs and activities are cost-effective. Ensures that appropriate security controls are applied, determines how the ICAM solution will impact the security of existing applications, and incorporates ICAM into the agency’s Enterprise Architecture (EA). |
| Office of the Chief Information Security Officer (OCISO) | Develops, employs, and publishes security policies, programs, and standards to guard the agency’s personnel, property, facilities, and information. Has leadership and authority over security policy and programs within the agency and can coordinate with the Personnel Security and Physical Security divisions. |
| Personnel Security | Coordinates with managers’ HR departments to determine position sensitivity levels for each position occupied within the agency. Coordinates with OPM to ensure all agency employees and contractors receive an appropriate background investigation and periodic reinvestigation. |
| Physical Security | Manages the security of agency buildings, such as resolving conflicts concerning entry to facilities and verifying that those seeking to gain access to federal buildings are authorized to do so. |
| Privacy Office | Administers policy to govern the use, collection, storage, and dissemination of personally identifiable information (PII) for all agency employees, contractors, and affiliates. Maintains an agency’s System of Records Notices (SORNs) and supports Privacy Impact Assessments (PIAs) for all IT investments, including ICAM. |
| Unions | Frequently involved in matters related to ICAM processes that collect personal information or introduce additional requirements for background investigations. |
Manage Stakeholders
Stakeholder management involves coordination, collaboration, and communication within the agency. Each stakeholder group has a distinct mission requirement and performs duties in support of the overall agency mission. These stakeholders have different viewpoints that may conflict with each other or the overarching ICAM program objectives, and decisions made in one program area may impact another.
To encourage collaboration, develop working groups that comprise stakeholders across the program. Stakeholders in these working groups incorporate their needs into the ICAM program and share implementation lessons learned in other ICAM implementations to reduce overall program risk and increase efficiency in implementation.
You can also stand up smaller focus groups or tiger teams devoted to specific program issues or direct implementation support. You’ll promote consistency and stakeholder buy-in by encouraging better understanding, inclusion, and ownership in the program.
