How DOJ Uses ICAM to Fight Fraud
The Office of Justice Programs is using identity, credential, and access management to reduce fraud in federal grants.
The Office of Justice Programs (OJP) needs to ensure the right grants make it to the right people, and identity, credential and access management solutions (ICAM) create a crucial gateway to applicants and awardees.
“Law enforcement officers — and community programs and their officers — they don’t have a lot of time to go through arduous processes,” said Jaime Noble, OJP Deputy Director for IT Security and Deputy Chief Information Security Officer at an FCW event Tuesday. “But we need to make sure that, as stewards of federal dollars, we are giving money to people who are who they say they are.”
To implement ICAM solutions, Noble needed buy-in from department leadership. She explained how an ICAM system would support business processes in addition to securing DOJ’s digital infrastructure.
“There’s only so much money to go around, but I think that presenting security as a business case and really outlining how implementing an identity and access management system — implementing any other aspect of the executive order [on improving the nation’s cybersecurity] — how that is going to benefit the mission and the business,” she said.
Now, OJP uses ICAM solutions to vet system users and ensure the proper awardees access federal funding.
“One thing that we get audited on every year is fraud, waste and abuse,” Noble said. “Who is getting access to this money? Is it the right amount of money? And also the confidentiality of the data in our system, the integrity of that system, the availability of it. … We want these funds to go to specific organizations and entities for very specific purposes. And so to that end, identity and access governance really is the gatekeeper of that.”
But ICAM solutions can hinder mission delivery if they introduce too much user friction, Noble added.
“Maybe there are some risk-based decisions that we need to make,” she said. “Let’s say you have a role of a state governor accepting an award. If the two or three times a year you have to log in to the system you have to go through eighteen checks just to get it there to accept that award, that causes a lot of friction. What that ends up setting up is that their assistant or their deputy maybe has the password and the login information. That’s something, from a security perspective, that we really don’t want to happen.”
OJP is currently collecting data on when people run into issues — whether they’re having trouble with password recollection, MFA access, entity administrators, or other hurdles — and working to increase efficiency and enhance the user experience.
“If the system is slowing down and people can’t use it, it doesn’t really matter what security we’re putting on there,” Noble said. “Because that’s really what [user’s] care about, is their mission.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DODIN Strategy Aims to Outpace Cyber Threats
JFHQ-DODIN Commander Lt. Gen. Paul Stanton says the new "How We Prevail" plan moves from reactive defense to proactive threat mitigation.
4m read -
Preparing for the Future Cyber Landscape
CISA, CFPB and Rubrik discuss how they’re building cybersecurity best practices and developing their workforces to prepare for the future threat landscape and bolster cyber resilience.
30m watch -
Air Force Chief: Modernization Is Critical to Maintaining Superiority
Air Force Secretary Frank Kendall cites AI, automation and cyber resilience as key modernization components to outpace China by 2050.
3m read -
Trump's DHS Secretary Pick Prioritizes Tech to Boost Security
South Dakota Governor Kristi Noem has prioritized advancements in cyber, quantum and biometrics to enhance state and national security.
7m read