Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal Government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a Federal Government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

This is a carousel with auto-rotating slides. Activate any of the buttons to disable rotation. Use Next and Previous buttons to navigate, or jump to a slide using the slide dots.

ICAM FIBF

The ICAM FIBF Working Group has released Component 4 and 5 for Comment.

Learn more about the ICAM FIBF

FICAM

helps the U.S Government agencies achieve Zero Trust cyber maturity quickly.

Learn more about FICAM

Zero Trust

concept assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location or based on asset ownership.

Learn more about Zero Trust

Privileged user

is authorized and trusted to perform security-relevant functions that ordinary users cannot perform—also known as a administrator or superuser.

Learn more about Privileged user

Phishing resistant authenticators

are not susceptible to common interception and replay attacks. Phishing-resistant MFA protects users from sophisticated online attacks.

Learn more about Phishing resistant authenticators

Single sign on

centralizes application access for agency employees and contractors or federate access with other federal executive agencies.

Learn more about Single sign on

User authorization

is a decision whether to grant access to a user or machine account following authentication. Authorization to resources can be fine grained to help achieve attribute based access vs the traditional role based access.

Learn more about User authorization

Identity lifecycle management

encompasses the activities of creating, identity proofing, vetting, provisioning, aggregating, maintaining, and deactivating digital identities on an agency’s enterprise identity, credential, and access management (ICAM) system.

Learn more about Identity lifecycle management

Partner with us


  • Vendors

    Sell your identity, credential, and access management ICAM products and services to the federal government.

  • Acquisition professionals

    Adopt innovative identity, credential, and access management ICAM products and services to meet your agency's mission-needs.

  • Program managers

    Govern and operate ICAM systems and services.

Functions


  • FICAM program management office

    FICAM program management office

    The Federal, Identity, Credential, and Access Management program management office is a collaboration with the Federal CIO Council to mature agency ICAM practices and processes through governmentwide guidance like the FICAM architecture and playbooks on idmanagement.gov.

    Latest Update: 2023-06
    Webpage

  • Federal public key infrastructure governance

    Federal public key infrastructure governance

    This page contains information to help Federal Public Key Infrastructure (FPKI) program managers and auditors. It includes the FPKI policies and profiles, annual FPKI annual review schedule, tools for compliance submissions, and information on compliance status of Federal PKI Certification Authorities.

    Latest Update: 2023-06
    Webpage

  • FIPS 201 evaluation program

    FIPS 201 evaluation program

    The Federal information processing standard 201 evaluation program tests and certifies services and commercial products.

    FIPS 201 evaluation program

    Approved product list

    Removed product list

    Latest Update: 2023-06
    Webpage

  • GSA PKI shared service provider program

    GSA PKI shared service provider program

    The General Services Administration GSA, Office of Government-wide Policy, manages the GSA Public Key Infrastructure Shared Services Provider program. The primary program focus is to help agencies meet the policy intent of Homeland Security Presidential Directive 12, as well as achieve digital signature interoperability.

    Latest Update: 2023-06
    Webpage


Playbooks


  • Cloud Identity Playbook

    Cloud Identity Playbook

    The Cloud Identity Playbook is a four-step playbook to start or further expand the use of Workforce ICAM Services delivered in a cloud operating model.

    Latest Update: 2022-12
    Webpage

  • Digital Autopen Playbook

    Digital Autopen Playbook

    This playbook outlines the process for an agency to implement a Digital Autopen for Federal Register documents.

    Latest Update: 2023-03
    Webpage

  • Digital Identity Risk Assessment Playbook

    Digital Identity Risk Assessment Playbook

    The Digital Identity Risk Assessment playbook is a six-step playbook for completing a digital identity risk assessment as described in OMB Memo 19-17 and NIST Special Publication 800-63-3.

    Latest Update: 2020-09
    Webpage

  • Digital Worker Identity Playbook

    Digital Worker Identity Playbook

    The Digital Worker Identity Playbook is a practical guide for managing digital worker identities.

    Latest Update: 2022-12
    Webpage

  • Digitally Sign a Federal Register Document

    Digitally Sign a Federal Register Document

    This playbook will walk you through the procedures for digitally signing a Microsoft Word document for submission to the Office of the Federal Register using your PIV credential or similar digital certificate.

    Latest Update: 2022-08
    Webpage

  • Digitally Sign a Word Document

    Digitally Sign a Word Document

    This playbook will walk you through the steps for digitally signing a Microsoft Word document with your PIV credential or similar digital certificate.

    Latest Update: 2018-03
    Webpage

  • Enterprise Single Sign-On Playbook

    Enterprise Single Sign-On Playbook

    The Enterprise SSO Playbook is a five-step playbook to aid agencies in planning an SSO or Identity Federation service.

    Latest Update: 2021-11
    Webpage

  • ICAM Governance Framework Version 1.0

    ICAM Governance Framework Version 1.0

    The ICAM Governance Framework is a tool to help agencies build and improve agency ICAM governance structures, processes, and policies.

    Latest Update: 2021-09
    PDF

  • Identity Lifecycle Management Playbook

    Identity Lifecycle Management Playbook

    This playbook can aid agencies in understanding how to shift the focus from managing the lifecycle of credentials to the lifecycle of identities outlined in section III of OMB Memo 19-17.

    Latest Update: 2024-18
    Webpage

  • Phishing-Resistant Authenticator Playbook

    Phishing-Resistant Authenticator Playbook

    This playbook helps an agency identify phishing-resistant alternative authenticators and design a pilot.

    Latest Update: 2024-02
    Webpage

  • Privileged Identity Playbook

    Privileged Identity Playbook

    This Playbook provides federal agencies with best practices in managing its privileged user population.

    Latest Update: 2022-12
    Webpage

IDManagement.gov

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?
Visit USA.gov

This site is a collaboration between GSA and the Federal CIO Council. It is managed by the Identity Assurance and Trusted Access Division in the GSA Office of Government-wide Policy.

Edit this page