Identity is Crucial for Government IT, Says Federal CIO
Suzette Kent tells AFCEA Federal Identity Summit identity management is central to digital infrastructure.
Identity isn’t mentioned in the President’s Management Agenda — the Trump administration’s blueprint for modernizing the federal government. But it is central to almost everything the federal government wants to accomplish in IT transformation and digitizing citizen services, Federal Chief Information Officer Suzette Kent told AFCEA’s Federal Identity Summit Wednesday.
“Identity and how we control access to information in the federal government ... is central to all the strategies that we’re talking about and the things that we’re doing” with regard to IT modernization, she said in a keynote address.
“Identity management and access control are foundational to our whole digital infrastructure and information infrastructure. … Identity is deeply intertwined with how we use technology and data,” she added.
She also highlighted how important identity was to the administration’s new cybersecurity strategy, released last week; and teased some of the themes that will be in the new Office of Management and Budget policy memo on Identity, Credential, and Access Management, or ICAM, which is due for release shortly.
The President’s Management Agenda, or PMA, is a road map for overhauling government technology and services—a multibillion dollar effort that, critics say, remains greatly underfunded.
Progress on the PMA is measured through a series of 14 cross-agency performance goals. The goals include expanding shared services, improving management of major acquisitions, modernizing infrastructure and reforming security clearance and credential issuance.
Those goals, Kent said, “help us move faster modernizing outdated services … and we have to be diligent in the enhancement of our identity policy, our tools and our processes ... to embed the security that’s expected.”
The PMA, she noted, also commits the administration “to deliver more citizen services through digital channels and to better leverage modern tools” to improve citizens’ user experience when they digitally interact with the federal government.
But digitizing more government services also means exposing them to potential abuse by hackers and online criminals. To guard against that, Kent said, “We have have to strengthen our identity proofing … throughout the lifecycle and that includes working with agencies to reduce the reliance that we currently have on social security numbers.”
Turning to the national cybersecurity strategy, she noted that it “highlights the need to establish a more robust end to end identity lifecycle management process for the nation”—an integral part of securing government data and services.
She finished by teasing some elements of the eagerly awaited ICAM policy memo. According to Kent, the draft version, released in March, had received more comments than any other OMB draft policy.
“That actually shows how essential it is and how important to so many of the things we’re doing,” she said.
The new policy looks set to loosen the rules for the use of Personal Identity Verification or PIV cards — the smart cards that federal employees and contractors must currently use for access to government facilities and networks. PIV cards were introduced under a Bush-era policy known as Homeland Security Presidential Directive 12.
The new policy “does start by looking at the challenge of how we find some more flexible approaches to achieving the goals of Homeland Security Presidential Directive 12 and that may extend beyond some of things that we currently use such as the PIV card so we need to continue … to push for innovative tools to move faster,” she said.