This is the draft preview of version 3.1 for the Federal Identity, Credential, and Access Management architecture.


Introduction

This playbook describes the Federal Identity, Credential, and Access Management (FICAM) Architecture. FICAM is the Federal Government’s implementation of Identity, Credential, and Access Management (ICAM).

ICAM enables the right individual to access the right resource, at the right time, for the right reason in support of federal business objectives.

This page describes the basics of ICAM, the FICAM Architecture, and how you can use this playbook to facilitate ICAM practices at your agency.

The following diagram is a high-level view of the ICAM practice areas and supporting elements.

A color-coded diagram that has three large connected boxes and two small auxiliary boxes. The three large boxes include definitions and diagrams for Identity, Credential, and Access Management, and the two small boxes include definitions for Federation and Governance.

The FICAM Architecture includes government-wide enterprise architecture views with the flexibility to support each agency’s unique business or mission needs. Use the FICAM Architecture as a tool to continuously improve upon your agency’s approach and align with federal security and privacy initiatives.

These are the views you’ll find in this playbook:

  • Goals and Objectives - The aims and outcomes of enterprise Federal ICAM.
  • Services Framework - Descriptions of the services within each ICAM practice area that support enterprise ICAM.
  • Use Cases - High-level summaries and examples of the common procedures in ICAM.
  • Component Examples - A list of example enterprise ICAM tools, aligned to each ICAM service area. These tools, such as solutions, applications, and software, are representative examples that illustrate ICAM functionality within an agency.
  • Standards and Policies - The federal policies and standards that shape the implementation of enterprise ICAM.

Copy the graphics and text throughout this playbook to use at your agency to drive ICAM awareness, strategy developments, and communications.

What is the FICAM Architecture?

FICAM is the Federal Government’s enterprise approach to design, plan, and execute common ICAM processes.

The FICAM Architecture is a framework for an agency to use in ICAM program and solution roadmap planning. The FICAM Architecture focuses on enterprise identity processes, practices, policies and information security disciplines.

A federal enterprise identity is the unique representation of an employee, contractor, or enterprise user, which could be a mission or business partner, or even a device or technology managed by a Federal agency to achieve its mission and business goals (OMB Memorandum 19-17).

What is ICAM?

ICAM is the set of tools, policies, and systems that agencies use to secure access to protected agency services.

Agencies implement ICAM services and solutions to unify their IT services, improve physical access control, and improve information security and decisions. Understanding the building blocks of ICAM is key to understanding the FICAM Architecture. ICAM has three practice areas and two supporting elements. The supporting elements enhance the capabilities of the practice areas.

ICAM Practice Areas

  • Identity Management is how an agency uses attributes to establish and maintain enterprise identities for employees and contractors.
  • Credential Management is how an agency issues, manages, and revokes credentials bound to enterprise identities.
  • Access Management is how an agency authenticates enterprise identities and authorizes appropriate access to protected services.

ICAM Supporting Elements

  • Federation is the technology, policies, standards, and processes that allow an agency to accept digital identities, attributes, and credentials managed by other agencies.
  • Governance is the set of practices and systems that guides ICAM functions, activities, and outcomes.

Who is the FICAM Architecture for?

The FICAM Architecture is for agency personnel looking for federal information technology resources.

  • Senior Federal IT and agency stakeholders can find a reference architecture that leverages Federal IT and industry standard definitions to integrate IT applications and services across multiple agencies and business areas.
  • Program Managers can find common definitions and frameworks for use in planning.
  • Enterprise and Application Architects can find a common framework, including views and use cases, for use in IT systems, applications, and network implementations.
  • Everyone in Federal IT can benefit from applying consistent, interoperable, and unified IT identity, credentials, and access management implementations to their business- and mission-level initiatives.

FICAM Architecture Background

The FICAM Roadmap was created in 2009 to provide a comprehensive view for a common Identity and Access Management (IAM) segment architecture for Federal agencies. Part A of the FICAM Roadmap and Implementation Guidance, v2.0, was replaced in 2015 with an updated Architecture. This site contains the current 2020 update for the FICAM Architecture.