This blog post is an excerpt from GovLoop’s recent guide “Your Guide to Identity and Access Management.” Download the full guide here.
Identity and access management (IAM) is not just about doing security to comply with government requirements. Instead, it’s a means to ensure the consistency and trustworthiness of government services, especially as digital options expand.
This expansion means that office walls no longer define agencies’ perimeters because employees are increasingly accessing resources and data remotely from various devices. In light of these and other changes, the Office of Management and Budget (OMB) issued updates to the federal government’s identity, credentials and access management (ICAM) policy in May 2019. Among other things, the policy calls on agencies to take a risk management approach to identity management and align with the National Institute of Standards and Technology (NIST) guidelines.
Gone are the days when simply adhering to a checklist of security mandates was enough to defend against online impersonators, fraudulent claims and other attacks. Agencies must understand the unique risks they face and use that information to drive what technologies and mitigation strategies can reduce them, according to NIST Special Publication 800-63 revision 3, which establishes digital identity guidelines for federal agencies.
The policy update also calls on agencies to shift from managing who has access inside and outside their perimeter to using identity as the foundation for managing risks resulting from attempts to access federal resources. Having stronger authentication methods in place requires malicious actors to have better capabilities and expend greater resources to successfully subvert the ..
Support the originator by clicking the read the rest link below.
