H-ISAC TLP White: Announcement: CISA Releases Continuous Diagnostics and Mitigation Program Report

On September 15, 2023, CISA released the Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture to help federal civilian departments and agencies integrate their identity and access management (IDAM) capabilities into their ICAM architectures.

Before this release, there was no singular, authoritative, and recognized reference for architecting an ICAM capability across an enterprise.

This publication provides:

• a description of the federal ICAM practice area, including how ICAM services and components implement ICAM use cases,
• a description of related CDM capabilities,
• an introduction to federation services, and
• a high-level notional physical implementation.

In addition, it explores zero-trust architecture and illustrates how ICAM and CDM help enable it.

CISA encourages organizations to use this publication to create its most robust and effective ICAM capability. CISA’s Continuous Diagnostics and Mitigation Program web page offers additional resources.

Organizations are urged to review the attached PDF for recommended steps and best practices.