3 stages of identity consolidation

Here are the building blocks and the capabilities that result from a consolidated identity management system. Most agencies are still wrapping up work on the first step of issuing credentials.

1: Preparing the People

Identity Proofing -- Homeland Security Presidential Directive 12 set agencies to work conducting background investigations of government employees and contractors as part of the identity management process. As of Dec. 1, 2009, background checks had been verified or completed for 2,755,682 government employees (59 percent), according to the idmanagement.gov Web site.

Credentialing Process -- Collectively, agencies have enrolled and issued computerized personal identity verification (PIV) cards to the majority of their employees (86 percent) and contractors (72 percent).

2: Preparing the Systems and Applications

Centralized Directory -- A centralized directory for identity data serves as a key piece of the ID management foundation and interacts with many other components. A number of departments and agencies, including the Agriculture, Homeland Security and Justice departments and NASA, have launched plans to combine multiple existing directories into one central resource at their respective organizations.

Integrating Applications -- Software applications, Web sites and physical security controls, such as building entrances, must be configured to work with PIV cards and the centralized identity directory. Development priorities are typically geared toward high-risk, high-payback systems. Ultimately, agencies might choose to implement a single sign-on for multiple applications or groups of related applications.

Enabling Laptop and Desktop PCs -- User hardware must have smart card readers. The Agriculture Department is using smart cards on 55,000 laptop PCs and plans to cover its desktop computers by the end of the fiscal year.

Connecting to Trusted Partners -- Agencies’ centralized identity systems will interface with trusted networks, such as the Open Identity Exchange, so that agencies can accept credentials issued by other public and private entities for interagency collaboration and citizen access to government services.

3: Streamlining Identity Management

Provisioning/Deprovisioning -- Centralized account management reduces the cost of maintaining separate systems and provides a comprehensive way to add, modify and delete accounts when employees are hired, change jobs or leave the government.

Auditing and Reporting -- Agency officials can use the consolidated system to see who has accessed particular systems and verify policy compliance.

Program Management or Governance Office -- Integrated identity management can be an arduous and ongoing undertaking. A program manager or office can help guide the launch of the identity management solution and oversee the schedule and budget. The governance team keeps key stakeholders informed about major milestones.

About the Author

John Moore is a freelance writer based in Syracuse, N.Y.
