CISA TLP Clear: Continuous Diagnostics and Mitigation Program

Executive Summary

There is no singular, authoritative, recognized way to architect an Identity, Credential, and Access Management (ICAM) capability across an enterprise, which results in many U.S. government agencies addressing this critical capability from different directions with different priorities. Compounding this issue, the maturity level of Identity Management varies across agencies , especially as related to tool expertise and ICAM-related policies, which may complicate ongoing CDM integration efforts and lead to incomplete or ineffective ICAM deployments.

This document refines and clarifies the CDM Program’s Identity and Access Management (IDAM) scope by providing a reference for how CDM IDAM capabilities may integrate into an agency’s ICAM architecture. A description of the federal ICAM practice area, including how ICAM services and components implement ICAM use cases, is provided, along with a description of related CDM capabilities. For each CDM ICAM capability, assumptions and constraints are made in reference to agency capabilities.