Government

White House seeks to tighten identity management in federal agencies

A memo from OMB asks agencies to coordinate regularly to make sure federal identity management policies are consistently implemented.

By Sean Lyngaas

April 6, 2018

(getty)

A new White House memo tasks agencies with clamping down on identity security by designating a team of officials from the offices of the chief information officer and chief security officer, among others, to tackle the issue.

The Office of Management and Budget draft policy released Friday asks these officials to coordinate regularly to make sure federal Identity, Credential, and Access Management (ICAM) policies are consistently implemented. The proliferation of personal information through social media and data breaches makes verifying identities all the more important for agencies, OMB said.

ICAM – a set of measures to prevent unauthorized access to sensitive information – is a staple of cybersecurity, and federal agencies have had to adapt to evolving identity scams from hackers. ICAM took on added importance in the U.S. government after the devastating 2015 Office of Personnel Management breach, in which hackers used compromised credentials to steal information on 22 million current and former federal employees. Federal officials have been trying to bolster ICAM security ever since.

The OMB memo, which includes policy updates on encryption, multi-factor authentication, and digital signatures, also asks agencies to diversify their risk by using multiple credential providers to offer “resiliency in case of a compromise or other service failure with a credential provider.”

The draft policy includes other important updates. It asks agencies to find a way to automate agency-wide reporting on identity management, and to better understand how changes in a user’s access privileges over time affect cybersecurity and privacy.

Guidance from the National Institute of Standards and Technology will once again serve as the blueprint for agency cybersecurity policy. “The processes and technologies to establish and use digital identities offer multiple opportunities for impersonation and other attacks,” the NIST guidance warns, while laying out a slew of measures to guard against such attacks.

OMB is soliciting feedback on the memo through GitHub or an email to the federal CIO’s office.

White House seeks to tighten identity management in federal agencies

More Like This

FBI director warns of China’s preparations for disruptive infrastructure attacks

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

Microsoft rolls out expanded logging six months after Chinese breach

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

Ex-White House cyber official says ransomware payment ban is a ways off

A tangled mess: Government rules for social media security lack clarity

White House moves to ease education requirements for federal cyber contracting jobs

Federal agencies are falling behind on meeting key privacy goal set five years ago

White House grapples with harmonizing thicket of cybersecurity rules

Feds to hackers in Vegas: Help us, you’re our only hope

White House seeks whole of society approach, immigration reform to boost cyber workforce

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics