Enterprise Identity, Credential, and Access Management (ICAM) Policy

1.  Purpose.

In accordance with Office of Management and Budget (OMB) Memorandum M-19-17: Enabling Mission Delivery through Improved Identity, Credential, and Access Management, Federal Information Technology Acquisition Reform Act (FITARA), and the Federal Information Security Modernization Act (FISMA) this order sets forth the General Services Administration’s (GSA) enterprise-wide ICAM policy, process, and provides a framework for a GSA enterprise ICAM technology solution roadmap and strategy. This order is consistent with agency authorities and operational mission needs. This order incorporates applicable Federal policies, standards, playbooks, and guidelines, and includes roles and responsibilities. New challenges have emerged along with these advances. Identity and access management has become even more critical to GSA’s successful delivery of services. 

2.  Cancellation.

This Order cancels and supersedes Instructional Letter CIO IL-20-01 Enterprise Identity, Credential, and Access Management (ICAM) Policy, dated November 17, 2020.

3.  Explanation of Changes.

      a.   Removed deprecated policy references;

      b.   Updated links throughout;

      c.   Updated applicability section to include information about the Civilian Board of Contract Appeals (CBCA); 

      d.   Updated divisions for roles and responsibilities;

      e.   Updated definition for public identity and federal enterprise identity;

      f.    Removed references to operational procedures; and

      g.   Removed references to Continuous Diagnostic and Mitigation (CDM) tools for clarification and consistency purposes.