As Federal agencies continue to build out zero trust architectures, they are increasingly focused on a critical component of any zero trust strategy: identity, credential, and access management (ICAM) solutions.
Defense Information Systems Agency (DISA) ICAM program manager W. Chandler Grice shared the agency’s progress with ICAM solutions in its push toward zero trust security during an FCW event on Aug. 17.
“Our vision is to create a secure trusted environment where any user can access all authorized resources to have a successful mission while letting the [Department of Defense (DoD)] know who is on the network at any given time,” Grice said.
Right now, DISA has a common access card (CAC) authentication service available for DoD 365 tenants and customer applications alongside multi-factor authentication for CAC owners as part of the “bring your own approved device” pilots. Those capabilities are housed within DISA’s global federated user directory, which acts as an identity provider and serves more than one million authentication requests every day, Grice said.
“We’ve also successfully onboarded five DoD 365 tenants, with tenants six and seven projected to be completed by the end of this fiscal year,” Grice said.
DISA is also looking to develop an initial automated system authorization alongside intra-application segregation of duties. Both capabilities were developed with DoD’s financial management community across eight pilot applications, Grice explained, but the aim is to expand the offerings to a broader user base.
The end goal for DISA’s ICAM solutions is to have “account automation, centralized and continuous authentication, data and attribute sharing, plus new platforms, and multi-factor authentication as part of the agency’s shift to zero trust,” Grice said.