Jim Sheire is the director of the Federal Identity, Credential, and Access Management (FICAM) program. Originally published on GSA's blog.
This past year, GSA’s Office of Government-wide Policy (OGP) Federal Identity, Credential, and Access Management (FICAM) team launched a series of revamped digital tools designed to update and replace the Federal ICAM Enterprise Architecture and Roadmap. To modernize the original FICAM Roadmap and implementation guidance, a cross-government team began migrating the information to interactive FICAM Playbooks. These playbooks provide common patterns to help agencies properly implement and execute FICAM.
The FICAM team helps agencies enable the right individual to access the right resource, at the right time, for the right reason. The playbooks were created to share important agency-developed ICAM information in an online format, provide a place for agencies and private industry partners to submit ICAM-related issues and questions, and tap the expertise of the FICAM community to solve these challenges.
What may not be obvious from the surface is that the new FICAM Playbooks are built on 18F’s Federalist platform. The platform makes it faster and easier for government agencies to build secure, compliant, and accessible websites. Federalist is designed to efficiently deploy GitHub-based content into government-hosted websites.
Benefits of Federalist
The FICAM team had already been using GitHub to host, develop, and publish content for the FICAM Playbooks, but our goal was to find a platform that’d allow agencies to share valuable expertise in an easier, more collaborative manner. We worked with GSA’s 18F team, whose role is to partner with agencies to fix technical problems, build products, and improve how government serves the public through technology. When we began revamping the playbooks, choosing the Federalist platform was an easy decision considering the following benefits:
What we got from Federalist
Low-cost platform as a service that included Operations and Maintenance (O&M) and an Authorization to Operate (ATO)
Government-hosted compliance using a .gov domain and conformance with HTTPS best practices
Available to any contributor to submit suggestions and edits
Minimal identity and access management administrative costs
Automated deployments / scalability
The Federalist platform has allowed for easy and efficient creation and editing of playbook content by the FICAM team and outside contributors. Three FICAM Playbook sites are now live:
- Personal Identity Verification (PIV) Guide – focuses on using PIV credentials for logical access, like authenticating to networks or applications.
- Enterprise Architecture (EA) – a migration of the FICAM Enterprise Architecture to a more concise, easy to understand, and visually appealing format.
- Federal Public Key Infrastructure (FPKI) Guides – information about the FPKI including commonly used links, tools, tips, and information.
What’s next?
The live playbooks have standard features and usability, and the FICAM team continues to migrate additional content and analyze feedback from customers. In the coming months, the FICAM team plans to release five additional playbooks to update and replace the official FICAM Roadmap. Upcoming topics include:
- Physical Access Control Systems
- Identity Management
- Access Management
- Federation
- Program Management
The FICAM team is very happy with the decision to use the Federalist platform, and we recommend it to other agencies for:
- Hosting web content
- Transitioning program and technical guides into digital formats for other agencies and the public
- Complying with federal government web policy and security requirements