GSA’s Office of Government-wide Policy is pleased to announce the Identity Lifecycle Management (ILM) Playbook, designed for identity program managers, and enterprise and application architects interested in modernizing their identity management process for federal employees. This practical guide helps federal agencies understand how to shift their focus from managing employee access based on credentials to managing the lifecycle of identities as outlined in section III of OMB Memo 19-17. This will help agencies achieve an enterprise Identity, Credential, and Access Management (ICAM) system that is agile enough to support technology modernization and aligns with the Federal Identity, Credential, and Access Management (FICAM) architecture.
The ILM playbook defines ILM as the stages of a digital identity from creation to deactivation. This lifecycle is also known as the joiner-mover-leaver process. The intent of implementing lifecycle management is to ensure an agency has visibility into all digital identities it controls. For example:
- Ensure only active employees can access federal resources;
- Remove access when employees haven’t completed the required security training;
- Ensure least privilege is enforced when accounts are created or a user changes roles; and
- Implement fine-grained access control using attributes.
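The four controls above, modelled as a small joiner-mover-leaver engine. This is an added illustration, not code from the playbook or from GSA; the role-to-entitlement map, the attribute names and the identity fields are constructed assumptions.

```python
"""Toy joiner-mover-leaver lifecycle with an access decision function."""
from dataclasses import dataclass, field

# Constructed role-to-entitlement map (assumption, not from the playbook).
ROLE_ENTITLEMENTS = {
    "analyst": {"read:reports"},
    "admin": {"read:reports", "write:reports", "manage:users"},
}


@dataclass
class Identity:
    uid: str
    role: str
    status: str = "active"               # active | deactivated
    training_complete: bool = False      # required security training
    entitlements: set = field(default_factory=set)
    attributes: dict = field(default_factory=dict)


def joiner(uid, role, attributes):
    """Create the identity with only the entitlements its role needs."""
    ident = Identity(uid=uid, role=role, attributes=dict(attributes))
    ident.entitlements = set(ROLE_ENTITLEMENTS[role])  # least privilege
    return ident


def mover(ident, new_role):
    """Role change: replace entitlements, never accumulate old ones."""
    ident.role = new_role
    ident.entitlements = set(ROLE_ENTITLEMENTS[new_role])
    return ident


def leaver(ident):
    """Separation: deactivate the identity and strip every entitlement."""
    ident.status = "deactivated"
    ident.entitlements.clear()
    return ident


def can_access(ident, entitlement, required_attrs=None):
    """Deny unless active, trained, entitled, and matching required attributes."""
    if ident.status != "active" or not ident.training_complete:
        return False
    if entitlement not in ident.entitlements:
        return False
    return all(ident.attributes.get(k) == v
               for k, v in (required_attrs or {}).items())
```

Running a joiner through a role change and separation shows entitlements from the previous role disappearing on the move and all access ending at deactivation.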
This playbook also assists agencies in understanding how to support non-PIV authenticators as outlined in the identity section of OMB Memo 22-09. Agencies can use this playbook to:
- Understand identity lifecycle management; and
- Identify the steps to create and integrate identity lifecycle management within an agency.
The playbook also outlines a four-step process that an agency can utilize to implement identity lifecycle management: … Read the full blog post here.