CISA released the Identity, Credential and Access Management (ICAM) Pilot for Public Safety overview fact sheet to introduce ICAM and provide high-level observations from two 2019 public-safety focused ICAM Demonstrations. 

The document was developed with support from SAFECOM, the National Council of Statewide Interoperability Coordinators (NCSWIC), Office of the Director of National Intelligence (ODNI), and Georgia Tech Research (GTRI), and intends to educate program managers, public safety officials, technologists and others interested in federated ICAM and its potential application to public safety users. Specifically, the fact sheet presents:

• Federated ICAM concepts;
• High-level observations and key findings from the 2019 CISA ODNI ICAM pilot demonstrations;
• Future considerations for public safety organizations when developing ICAM technical, governance and policy best practices.

As public safety’s reliance on data increases, ICAM interoperability and policy guidance will be necessary across a wide range of public safety information sharing and safeguarding applications, and across multiple platforms, says CISA. To address this growing need, SAFECOM, NCSWIC, ODNI, and CISA collaborated with the GTRI and state and local public safety agencies to conduct two ICAM pilot demonstrations designed to explore federated ICAM for state and local public safety agencies.

Held in 2019, the pilots leveraged the National Identity Exchange Federation and GTRI’s Trustmark, notes CISA. Participants used ICAM technologies (Security Assertion Markup Language single-sign-on) and secure credentials (Personal Identity Verification – Interoperable [PIV-I] and Fast Identity Online [FIDO]) to access public safety information in an operational environment. 

While public safety ICAM has not yet seen wide adoption, the combination of shorter technology lifecycles, edge computing, and emerging cybersecurity threats will heighten the risk profiles of legacy information technology systems and challenge current identity management practices, warns CISA. In the coming years, says CISA, public safety agencies will need to explore options for making access control both secure and user friendly. Therefore, it is critical that the public safety community develop guidance on how agencies can embrace and implement federated ICAM in support of their needs.

To learn more about ICAM and other helpful resources, visit https://www.cisa.gov/publication/icam-products-and-resources