Identity

DOJ preps major push around ID management

Shutterstock ID 543155404 By NicoElNino  

The Department of Justice is gearing up to build an extensive identity and access management service for employees and contractors over the next three years.

At a Dec. 11 conference hosted by SailPoint, Nickole Arbuckle, program lead for the "IamDOJ" identity management system at Justice, laid out 16 different tools that DOJ plans to have in place by 2021 around self-service identity management, logistical access, access certification, physical access provisioning, contractor access management, automated onboarding and compliance metrics reporting.

Arbuckle said it was part of a larger push at DOJ over the past two years to move towards an enterprise services model while getting rid of legacy systems and manual processes. For example, many aspects of the department's onboarding and off-boarding programs are still done through paper, requiring a circuitous and time-consuming journey to collect physical signatures from specific individuals. Justice will start moving toward a more automated system in 2020.

"It's really great if you can show up to work starting a new job and have your birthright access," said Arbuckle. "Generally, that's not how it happens right now.… Over the next three years, we're really trying to move towards getting rid of the paper documentation for onboarding and moving towards more of an automated flow. It's more auditable, we can remove access more quickly, give access more quickly and make sure everyone has the right access."

Justice and the law enforcement agencies under its purview all require differing levels of access authorization for employees, contractors and investigations. The department wants to give all of its employees DOJ ID numbers "so if they don't have an FBI number or a [Drug Enforcement Administration] number, they have a DOJ ID and that will follow them around the department," according to Scott Hoge, a director and consultant at CGI Federal, which is working with DOJ on the project.

The whole portfolio will be built on top of a legacy credential management system that DOJ uses for Continuous Diagnostics and Mitigation, a governmentwide cybersecurity program managed by the Department of Homeland Security.

Arbuckle told FCW the decision to use the existing system as a foundation for larger identity and access management goals has created some complication, but it has pushed her and others at the agency to take the long view on how to structure both projects.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/Shutterstock.com)

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected