Sean Frazier, advisory chief information security officer of the federal group at Cisco‘s Duo Security subsidiary, has said the Office of Management and Budget’s recently issued policy federal employee security and access promotes a risk-based approach to secure government systems.
“The new updated identity, credential and access management policy extends the government physical credentials of personal identity verification and common access cards into the digital world,” Frazier wrote in a blog entry posted Thursday.
The OMB guidance outlines how agency leaders should manage employees with access to federal resources, networks and information.
Frazier said the document calls for expanded adoption of risk-based approach to identity security across the government and encourages agencies to consider new technologies to identify and authorize users.
“What it shows us is that the OMB is paying attention to all the parts that make up a zero-trust security methodology, and that the OMB believes (correctly) that a strong identity, credential and access management system is at the heart of it,” he noted.
The policy also states that each agency should establish an integrated agency-wide ICAM office, team or organization to support Enterprise Risk Management and coordinate security efforts.