Cybersecurity update for FICAM

[idmken]

Suggested update for the Cybersecurity - Identity Section

Break it up into two sections; One on workforce identity and one on public identity.

• OMB Memo 19-17 is the latest digital identity memo.
• For workforce - Agencies should create an agency-specific identity architecture based on the FICAM Architecture
• Review the playbooks to understand how to implement identity processes - https://www.idmanagement.gov/playbooks/
• Credentialing standards are outlined in the latest OPM credentialing policy - https://www.opm.gov/suitability/suitability-executive-agent/policy/cred-standards.pdf
• OMB M-22-09 outlines six action steps for agencies which include updated password polices, requiring phishing-resistant authentication for all workforce and partners, and integrating a device level signal.
• Check out the ICAM policy matrix at https://www.idmanagement.gov/university/policymatrix/

For public

• 800-63-3 is more for public
• For public access to records, M-21-04guidance outlines the responsibilities of agencies for accepting access and consent forms provided in a digital format from individuals who are properly identity-proofed and authenticated.