GSA Outlines Best Practices for Identity Management
Ken Myers explains how GSA’s new playbooks are guiding federal agencies’ identity management.

The General Services Administration’s Office of Government Policy is developing new playbooks to guide agencies through Identity, Credential and Access Management (ICAM) implementation, especially as more data and services move to the cloud.
“From the context of ICAM…[efficiency] is the core in an agency’s infrastructure to help enable some of the modernization and customer experience initiatives that agencies are doing,” GSA’s Director of the Identity Assurance and Trusted Access Division, Ken Myers, explained during GovCIO Media & Research’s Zero Trust Breakfast on Thursday.
ICAM spans across all functions of how systems are run and accessed, including people as well as other technologies like automation and robotic process automation (RPA). GSA has published four playbooks since last September. The playbooks focus on single sign-on, authentication and digital identity risk assessment (DIRA) to simultaneously accelerate efficiency and security.
“We’re talking about granting access, but would you be able to revoke access very quickly as well? So, are those capabilities being considered at the time? That’s certainly something that should be top of mind,” Felipe Fernandez, director of systems engineering at Fortinet Federal explained. “If you’re going to deploy your trust, you’re doing automation…don’t just stop at the users.”
The six-step Digital Identity Risk Assessment playbook helps federal CIOs update and maintain consistent processes, determine whether an agency application requires a DIRA, integrate DIRA into agency Risk Management Framework (RMF) processes and learn practices to implement DIRA processes. GSA compiled best practices for the playbook based on OMB’s Memo 19-17 and NIST’s Special Publication 800-63-3.
As more agencies adopt cloud platforms, Myers said its critical to have security and identity management solutions in place. GSA’s Cloud Identity playbook pretexts OMB’s FY 24 priorities, which calls on agencies to make stronger investments in cloud and security.
“It tries to help agencies understand the advantages of using a FedRAMP identity as a service,” Myers said. “There are three capabilities to FedRAMP identity as a service. It’s combining directory services, supporting multiple forms of multi-factor authentication and providing a single sign on tool. Those three capabilities built into one.”
Looking into 2023, GSA will work to align the federal ICAM infrastructure to the identity action steps within the federal zero trust strategy. GSA will also focus on insider threat mitigation. In the coming weeks, GSA plans to publish the privileged identity playbook. The playbook is currently undergoing final reviews and was a collaboration between GSA and DHS’ Continuous Diagnostic Mitigation program.
“That’s a joint collaboration where we took insider threat mitigation best practices and then combined it with privileged IT user best practices,” Myers said.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Inside Oak Ridge National Lab’s Pioneer Approach to AI
Energy Department’s Oak Ridge National Lab transforms AI vulnerabilities into strategic opportunities for national defense.
22m listen -
Modernization Strategies to Enable Energy Innovation
Lawrence Berkeley National Lab and Maximus experts explore the modernization strategies driving digital transformation and operational resilience within the energy sector.
33m watch -
DOE National Labs Launch New AI Tools for Operational Efficiency
The Energy Department's National Laboratories are using AI to increase operational efficiency and drive research efforts forward.
3m read -
Software Factories Accelerate Federal Modernization Outcomes
IT leaders from Nutanix and SAIC explain how software factories streamline tech development, modernize legacy systems and accelerate adoption of emerging technologies like AI.
34m watch -
AI in Top-Secret Clouds Is a ‘Game Changer’ for IC, DNI Says
Tulsi Gabbard touts significant improvements in AI, data analysis, interoperability and operational intelligence at the AWS Summit 2025.
3m read -
AWS Summit: Innovation Accelerates IT Delivery at DOD
Marine Corps Community Services is tackling outdated IT processes with agile development and cutting-edge cloud security to deliver mission-critical capabilities faster.
12m watch -
AWS Summit: NIST Secures High-Performance Computing Against Evolving Threats
NIST’s Yang Guo reveals the broad attack surface of high-performance computing and explains developing guidance and future-proofing security strategies.
9m watch -
Trump Overhauls Federal Cybersecurity with New Executive Order
The new directive aims to strengthen digital defenses while rolling back "burdensome" software requirements and refocusing AI security.
3m read -
AWS Summit: Forging Successful Cloud Modernization Partnerships
Industry leaders share insights on the critical role industry partnerships have in enabling government agencies to navigate procurement challenges for cloud and zero trust solutions.
24m watch Partner Content -
CISA's CVE Program and Why it Matters for Zero Trust
The vulnerability program provides the cybersecurity community visibility into software as part of a key pillar of CISA's zero trust model.
5m read -
Air Force, Coast Guard Talk Data Security Efforts for AI Development
The services' AI initiatives include efforts like creating clean training data, countering data poisoning and bridging siloed teams.
4m read -
DHS Secretary Urges Congress to Reauthorize CISA 2015
Federal leaders highlight CISA 2015's role in strengthening public-private partnerships and defending against evolving cyber threats.
3m read