The Office of Management and Budget issued draft guidance Friday ordering agencies to improve identity management security practices by designating teams of officials from their offices of the chief information officer and chief security officer, among others, to tackle the issue.
Those teams will be responsible for overseeing agency Identity, Credential, and Access Management (ICAM) policies — measures to prevent unauthorized access to sensitive information.
The proliferation of personal information through social media and data breaches makes verifying identities all the more important for agencies, OMB said. Likewise, ICAM took on added importance in the U.S. government after the devastating 2015 Office of Personnel Management breach, in which hackers used compromised credentials to steal information on 22 million current and former federal employees. Federal officials have been trying to bolster ICAM security ever since.
The OMB memo, which includes policy updates on encryption, multi-factor authentication, and digital signatures, also asks agencies to diversify their risk by using multiple credential providers to offer “resiliency in case of a compromise or other service failure with a credential provider.”
Read more about the new guidance on CyberScoop.