Today, CISA released the Identity, Credential, and Access Management (ICAM) Pilot for Public Safety overview fact sheet to introduce ICAM and provide high-level observations from two 2019 public safety-focused ICAM demonstrations. This document was developed with support from SAFECOM, the National Council of Statewide Interoperability Coordinators (NCSWIC), Office of the Director of National Intelligence (ODNI), and Georgia Tech Research Institute (GTRI), and intends to educate program managers, public safety officials, technologists, and others interested in federated ICAM and its potential application to public safety users. Specifically, the fact sheet presents:
- Federated ICAM concepts;
- High-level observations and key findings from the 2019 CISA ODNI ICAM pilot demonstrations;
- Future considerations for public safety organizations when developing ICAM technical, governance, and policy best practices.
As public safety’s reliance on data increases, ICAM interoperability and policy guidance will be necessary across a wide range of public safety information sharing and safeguarding applications, and across multiple platforms. To address this growing need, SAFECOM, NCSWIC, ODNI, and CISA collaborated with the GTRI and state and local public safety agencies to conduct two ICAM pilot demonstrations designed to explore federated ICAM for state and local public safety agencies. Held in 2019, the pilots leveraged the National Identity Exchange Federation and GTRI’s Trustmark Framework. Participants used ICAM technologies (Security Assertion Markup Language single-sign-on) and secure credentials (Personal Identity Verification – Interoperable [PIV-I] and Fast Identity Online [FIDO]) to access public safety information in an operational environment.
While public safety ICAM has not yet seen wide adoption, the combination of shorter technology lifecycles, edge computing, and emerging cybersecurity threats will heighten the risk profiles of legacy information technology systems and challenge current identity management practices. In the coming years, public safety agencies will need to explore options for making access control both secure and user friendly. Therefore, it is critical that the public safety community develop guidance on how agencies can embrace and implement federated ICAM in support of their needs. To learn more about ICAM and other helpful resources, visit https://www.cisa.gov/publication/icam-products-and-resources.
The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) established the Office of the Program Manager for the Information Sharing Environment (PM-ISE) and granted it the authority to plan, oversee, and manage the Information Sharing Environment. PM-ISE was placed within the ODNI Partner Engagement (PE) to better coordinate the office's terrorism-related information sharing mission with the Director of National Intelligence’s mission to improve intelligence information sharing. PE-ISE leverages information sharing capabilities to focus on terrorism-related information sharing, homeland security, and counter proliferation of weapons of mass destruction missions.
GTRI is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). GTRI's renowned researchers combine science, engineering, economics, policy and technical expertise to solve complex problems for the U.S. federal government, state and industry. GTRI and Georgia Tech combine the best of both applied and basic research to solve the innovation equation on behalf of clients.
About the SAFECOM NCSWIC ICAM Working Group
As communications and information sharing technologies advance, the public safety community faces an increasing amount of ICAM challenges. Recognizing the importance of ICAM solutions in emergency response, SAFECOM and NCSWIC established a joint working group to provide the public safety community with leadership, education, and guidance on ICAM. SAFECOM/NCSWIC is supported by CISA, working with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future.
CISA works with partners to defend against today’s threats and collaborating to build more secure and resilient infrastructure for the future. CISA enhances public safety interoperable communications at all levels of government to help partners across the country develop their emergency communications capabilities. Working with stakeholders across the country, CISA conducts extensive, nationwide outreach to support and promote the ability of emergency response providers and relevant government officials to continue to communicate in the event of a natural disaster, act of terrorism, or other man-made disaster.