Remote access security
Office of Government-Wide Policy to Release Guidance on Remote Access
The General Services Administration’s Office of Government-wide Policy is set to release federal guidance on single sign-on, cloud identities and a digital identity risk management process.
Ken Myers, a chief identity, credential and access management architect at GSA, said the guidance will address agencies’ questions related to infrastructure modernization and remote access for cloud migration, FedScoop reported.
Even before the coronavirus pandemic, the Office of Management and Budget had released guidance to help government agencies implement remote access.
The memo allowed government agencies to maintain the Federal Identity, Credential and Access Management architecture during the pandemic.
OGP’s guidance, which is expected to be released in 2022, will elaborate on OMB’s existing guidance, which tells agencies to conduct a digital identity risk assessment to pick the right authenticator for remote access.
According to Myers, OGP is open to collaborating with agencies whose specific solutions are not aligned with FICAM, which uses a government-wide architecture.
The FICAM architecture is the federal government’s enterprise approach to designing, planning and executing common ICAM processes. The architecture was created in 2009 to provide a common ICAM segment architecture for federal agencies.
Myers noted that the Cybersecurity and Infrastructure Security Agency’s Continuous Diagnostics and Mitigation program uses FICAM as a reference for approving products and architectures.
He said OGP may then use CDM as a reference for updating its guidance on privileged access management, which is the concept of protecting users or devices that have elevated permissions to critical resources.
“It is deprecated. But we are looking at updating it because privileged access management is such an important topic today,” Myers added.
Category: Digital Modernization