Identity, Credential, and Access Management (ICAM) Division
Identity, Credential and Access Management (ICAM) is the intersection of digital identities and associated attributes, credentials and access controls into one comprehensive approach.
The OCIO ICAM Division is responsible for coordinating ICAM activities across GSA by:
- Supporting GSA Access Card issuance, usage and lifecycle maintenance for GSA personnel
- Developing GSA-wide identity, credential and access management solutions
The ICAM Division was originally established to help GSA comply with Homeland Security Presidential Directive 12 (HSPD-12). This directive requires that all federal agencies adopt common, reliable and interoperable identification standards for employees and contractors. The ICAM Division safeguards GSA assets by ensuring that all GSA personnel obtain Personal Identity Verification (PIV) credentials, and by developing enterprise-wide, compliant identity solutions. GSA branded the PIV credential it issues to its employees and contractors as the ‘GSA Access Card.’
The Division’s ICAM solutions help GSA meet federal mandates such as the Office of Management and Budget (OMB) Memorandum 11-11 (M-11-11) to use the GSA Access Card for access to GSA facilities and information systems:
GSA Credential and Identity Management System (GCIMS) is a GSA internal web database that provides authoritative information on GSA personnel, work locations and credentials. The easy-to-use GCIMS database streamlines the management and tracking of the background investigation and credentialing process and serves as a repository for personnel information. There are more than 500 credentialing and investigation process role holders logging in from various GSA regions nationwide, with new users continuously added. In addition, GSA personnel use GCIMS to update their contact information.
GSA Access Management System (GAMS) is a Logical Access Control System (LACS) that enables GSA employees and contractors to log in to their computers at GSA work locations or remotely through VPN using their GSA Access Card. The system provides shared identity and access management services for application business owners to verify and authorize user access requests. Benefits include:
- Offers Single Sign-On: Logon once with your GSA Access Card and Personal Identification Number (PIN) to access multiple IT applications
- Provides Self-Service Capability: GAMS requests are routed through the approval chain, and notifications are sent to the requestor when the access request is complete
- Protects Against Unauthorized Access: Application business owners customize policies based on user attributes to determine which resources a user can access
- Reduces Audit Reporting Time: Query a single audit database for user access privileges, including successful and unsuccessful logon attempts
- Enables the Reuse of Identity Data: A user’s access privileges are mapped to a single identity to avoid GSA collecting the same data multiple times
- Expedites Employee and Contractor On-Boarding: Provides an automated approval process and access privileges for new staff and an automated removal process for departing staff
Physical Access System (PACS): The ICAM Division is working with other GSA Offices to ensure that individuals accessing GSA facilities, both at the perimeter and at certain internal areas, have been properly cleared, authorized and credentialed to do so. The most apparent application of the program is the issuance of the GSA Access Card and the underlying certification process. The GSA Access Card process supports a consistent, agency-wide application of Physical Access Standards. The program is consistently under review and development as the GSA and federal standards that govern access are developed, implemented or revised. The program’s dynamic nature is also driven by technology as hardware and software are upgraded and protocols are advanced.