3 stages of identity consolidation
By John Moore
May 10, 2010
Here are the building blocks and the capabilities that result from a consolidated identity management system. Most agencies are still wrapping up work on the first step of issuing credentials.
1: Preparing the People
Identity Proofing -- Homeland Security Presidential Directive 12 set agencies to work conducting background investigations of government employees and contractors as part of the identity management process. As of Dec. 1, 2009, background checks had been verified or completed for 2,755,682 government employees (59 percent), according to the idmanagement.gov Web site.
Credentialing Process -- Collectively, agencies have enrolled and issued computerized personal identity verification (PIV) cards to the majority of their employees (86 percent) and contractors (72 percent).
2: Preparing the Systems and Applications
Centralized Directory -- A centralized directory for identity data serves as a key piece of the ID management foundation and interacts with many other components. A number of departments and agencies, including the Agriculture, Homeland Security and Justice departments and NASA, have launched plans to combine multiple existing directories into one central resource at their respective organizations.
Integrating Applications -- Software applications, Web sites and physical security controls, such as building entrances, must be configured to work with PIV cards and the centralized identity directory. Development priorities are typically geared toward high-risk, high-payback systems. Ultimately, agencies might choose to implement a single sign-on for multiple applications or groups of related applications.
Enabling Laptop and Desktop PCs -- User hardware must have smart card readers. The Agriculture Department is using smart cards on 55,000 laptop PCs and plans to cover its desktop computers by the end of the fiscal year.
Connecting to Trusted Partners -- Agencies’ centralized identity systems will interface with trusted networks, such as the Open Identity Exchange, so that agencies can accept credentials issued by other public and private entities for interagency collaboration and citizen access to government services.
3: Streamlining Identity Management
Provisioning/Deprovisioning -- Centralized account management reduces the cost of maintaining separate systems and provides a comprehensive way to add, modify and delete accounts when employees are hired, change jobs or leave the government.
Auditing and Reporting -- Agency officials can use the consolidated system to see who has accessed particular systems and verify policy compliance.
Program Management or Governance Office -- Integrated identity management can be an arduous and ongoing undertaking. A program manager or office can help guide the launch of the identity management solution and oversee the schedule and budget. The governance team keeps key stakeholders informed about major milestones.