A repository of Identity Management resources for the Public Sector
The Federal government is increasingly pushing towards a Zero Trust Architecture model. While many factors in both the public and private sectors have led to this shift, a few pieces of guidance and publications stand out. Among them is the Executive Order on Improving the Nation's Cybersecurity, which specifically called for the Federal Government to adopt a Zero Trust Architecture. This included leveraging guidance from NIST as well as organizations such as CISA, which subsequently published the Zero Trust Maturity Model. Identity is a key pillar in this model, and many view identity as the new perimeter in the Zero Trust data-centric model of cybersecurity.
This repository will include resources to help public sector agencies, industry partners and academia advance their knowledge of digital identity management to bolster an organization's cybersecurity and advance towards a Zero Trust Architecture and, ultimately, more secure outcomes and services for Citizens, Warfighters and the Nation.
- API - Application Programming Interface
- CI/CD - Continuous Integration/Continuous Delivery
- CIEM - Cloud Infrastructure Entitlement Management
- DIRA - Digital Identity Risk Assessment
- FedRAMP - Federal Risk and Authorization Management Program
- FICAM - Federal Identity, Credential, and Access Management
- FISMA - Federal Information Security Management Act
- ICAM - Identity, Credential, and Access Management
- IDaaS - Identity as a Service
- IdP - Identity Provider
- MFA - Multi-Factor Authentication
- NIST - National Institute of Standards and Technology
- NPE - Non-Person Entity
- OAuth - Open Authorization
- PIV - Personal Identity Verification
- PKI - Public Key Infrastructure
- SSO - Single Sign-On
- WebAuthn - Web Authentication
- White House Cybersecurity EO (https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/)
- CISA Zero Trust Maturity Model (https://www.cisa.gov/sites/default/files/publications/CISA%20Zero%20Trust%20Maturity%20Model_Draft.pdf)
- FICAM Cloud Identity Playbook (https://playbooks.idmanagement.gov/playbooks/cloud/)
- GSA ICAM Governance Framework (https://playbooks.idmanagement.gov/docs/playbook-identity-governance-framework.pdf)
- FICAM Digital Identity Risk Assessment Playbook (https://playbooks.idmanagement.gov/playbooks/dira/)
- Federal Cloud Computing Strategy (https://cloud.cio.gov/strategy/)
- FICAM Services Framework (https://playbooks.idmanagement.gov/arch/services/)
- FICAM Enterprise Single Sign-On Playbook (https://playbooks.idmanagement.gov/playbooks/sso/)
- M-19-17 Enabling Mission Delivery Through Improved ICAM (https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf)
- SP 800-63 - Digital Identity Guidelines (https://csrc.nist.gov/publication/detail/sp/800-63/final)
- SP 800-145 - Definition of Cloud Computing (https://csrc.nist.gov/publications/detail/sp/800-145/final)
- SP 800-204B - Attribute-based Access Control for Microservices-based Applications using a Service Mesh (https://csrc.nist.gov/publications/detail/sp/800-204b/final)
- SP 800-207 - Zero Trust Architecture (https://csrc.nist.gov/publications/detail/sp/800-207/final)
- SP 800-210 - General Access Control Guidance for Cloud Systems (https://csrc.nist.gov/publications/detail/sp/800-210/final)
- Securing Identity with Zero Trust (https://docs.microsoft.com/en-us/security/zero-trust/deploy/identity#:~:text=In%20the%20Zero%20Trust%20security,and%20typical%20for%20that%20identity.)
- AWS IAM Documentation (https://docs.aws.amazon.com/iam/index.html)
- Zero Trust on AWS (https://aws.amazon.com/security/zero-trust/)
- Zero Trust Architecture: An AWS Perspective (https://aws.amazon.com/blogs/security/zero-trust-architectures-an-aws-perspective/)
- Security in the Digital Age: Your Guide to Identity and Access Management (https://www.okta.com/sites/default/files/pdf/Security%20in%20the%20Digital%20Age_0.pdf)
- Okta Zero Trust Security (https://www.okta.com/zero-trust/)
- Zero Trust Framework (https://www.yubico.com/solutions/zero-trust/)
- What is Zero Trust (https://www.yubico.com/resources/glossary/zero-trust/)
- New Era Authentication Lends Support for Federal Zero Trust Initiative (https://pages.yubico.com/new-era-authentication-for-federal-zero-trust-initiative)
- Black Hat: Zero Trust Starts with Identity (https://www.youtube.com/watch?v=FwLOG5nhyYY)
- Decentralized ID, verifiable credentials, zero trust represent a new paradigm for trust/verification (https://www.youtube.com/watch?v=4Txa7pAOHZQ)
- Microsoft: Decentralized Identity Explained (https://www.youtube.com/watch?v=Ew-_F-OtDFI)
- Digital Identity & Security for Modern Enterprise - Cyber Security & Cloud Expo, Santa Clara 2019 (https://www.youtube.com/watch?v=m1rhvICHRcw)
- Building an Enterprise Identity Governance Program in the Federal Government (https://www.youtube.com/watch?v=t2TQ2J9-HQo&list=PLmo1dzwg8wgbK7ztQg03HItPdna7j8FMZ)
- Marrying Identity and the SOC like Peanut Butter & Jelly (https://www.youtube.com/watch?v=jfnIFyErY04)
- Identity Security: The Foundation of Zero Trust (https://www.youtube.com/watch?v=hSpBicOiODk)
- Implications of the New Zero Trust Guidance for Federal Agencies (https://www.youtube.com/watch?v=rcf1K51NmbI)
- Identity as the Foundation of Zero Trust (https://www.youtube.com/watch?v=t825Dy7XKng)
- Strengthening the Mission with Identity Centric Security (https://www.youtube.com/watch?v=ZZsp7aVAoP0)
- BeyondCorp for the Rest of Us (https://www.youtube.com/watch?v=cuatrTKEy90)
Chris Hughes