The Cybersecurity & Infrastructure Security Agency has released the Continuous Diagnostics and Mitigation Program’s identity, credential and access management reference architecture.
CISA said Friday the document addresses the lack of a single enterprise ICAM reference architecture, a gap that has led government agencies to implement ICAM capabilities in various ways and at varying degrees of maturity, potentially rendering such capabilities ineffective.
According to CISA, the document also shows how identity and access management (IDAM) might integrate into an agency's ICAM architecture. In so doing, the document clarifies and refines the scope of IDAM under the CDM Program.
The ICAM reference architecture also takes into account zero trust, whose adoption the Biden administration endorsed via Executive Order 14028. Zero trust is a cybersecurity framework that assumes devices and users cannot be trusted and therefore requires continuous authentication. The CISA document explains how ICAM supports zero trust.