Step 5 - Identify Program Stakeholders
A stakeholder is an individual or organization that is either actively involved in a program or might be affected by the program’s execution or completion. It’s critical that you identify all stakeholders, not just those who may be positively affected by the project, in order to understand the needs, responsibilities, and potential impacts of program decisions.
We’ve identified key ICAM stakeholders at the federal and agency level. We’ve also included the approach for managing and engaging stakeholders to support your ICAM programs’ success. Depending on your agency and mission needs, you may have other stakeholders not identified below.
The following checklist shows government-wide external stakeholders and agency stakeholders you should identify.
Checklist
Federal Governance Bodies
Stakeholder | Roles |
Office of Management and Budget (OMB) | • Assists the President in overseeing the preparation of the federal budget and supervises its administration in Executive Branch agencies. Provides policy, direction, and oversight for the implementation of ICAM initiatives • The lead agency with respect to E-Government implementation |
Federal Chief Information Officers (CIO) Council | • Principal interagency forum for improving practices in the design, modernization, use, sharing, and performance of Federal Government agency information resources • Chartered the work of the Federal Identity Credentialing Committee (FICC), E-authentication initiative, and the Federal PKI Policy Authority, which have been consolidated into the newly chartered Information Security and Identity Management Committee (ISIMC) and Identity Credential and Access Management Subcommittee (ICAMSC) • Also includes the Privacy Committee. |
Information Security and Identity Management Committee (ISIMC) | Principal interagency forum for identifying high priority security and identity management initiatives and developing recommendations for policies, procedures, and standards to address those initiatives that enhance the security posture and protection afforded to Federal Government networks, information, and information systems. |
Identity Credential and Access Management Subcommittee (ICAMSC) | Subcommittee of the ISIMC focused on initiatives related to Identity, Credential, and Access Management |
Privacy Committee | • Principal interagency forum to improve agency practices for the protection of privacy • Interagency coordination group for Senior Agency Officials for Privacy and Chief Privacy Officers in the Federal Government, promoting adherence to the letter and spirit of laws and best practices advancing privacy. |
Department of Homeland Security (DHS) | Oversees government-wide and agency-specific cybersecurity implementation and reporting with respect to information systems that fall under FISMA to provide adequate, risk-based, and cost-effective cybersecurity. |
General Services Administration (GSA) NOTE: GSA is also an Internal Service Provider | • Managing partner for ICAM initiatives • Establishes and maintains vehicles and products for HSPD-12 deployment and provides USAccess HSPD-12 Managed Service Offering. |
Office of Personnel Management (OPM) NOTE: OPM is also an Internal Service Provider | • Develops and implements policies and procedures to ensure the effective, efficient, and timely completion of investigations and adjudications relating to determination of suitability and eligibility for logical and physical access • Owns the automated systems to support investigative processing • Serves as the suitability executive agent for the Federal Government |
Suitability and Security Clearance Performance Accountability Council | • Develops and implements uniform and consistent policies and procedures related to suitability, fitness, and clearance determination activities and processes • Serves as the most senior policy-making entity for the security and suitability reform effort and provides final determinations for resulting reports |
Federal PKI Policy Authority | Established under the CIO Council to enforce digital certificate standards for trusted identity authentication across the federal agencies, as well as between federal agencies and outside bodies (e.g., universities, state and local governments, and commercial entities) |
Interagency Security Committee (ISC) | Develops standards, policies, and best practices for enhancing the quality and effectiveness of physical security in, and the protection of, nonmilitary federal facilities in the United States |
National Science and Technology Council (NSTC) | Cabinet-level Council that coordinates science and technology policy across the federal research and development enterprise |
Federal Enterprise Architecture (FEA) Interagency Group | Community of federal enterprise architects that support the development of the FEA practices, models and other assets |
Office of the National Coordinator for Health IT | Provides counsel to the Secretary of Health and Human Services (HHS) and departmental leadership for the development and nationwide implementation of an interoperable health IT infrastructure |
Federal Cloud Computing Advisory Council | • Provides oversight to the Cloud Computing Initiative and Program Management Office (PMO), formerly ITI LOB PMO. • Goal is to achieve an optimized, cost-effective, government-wide IT infrastructure that supports agency mission, while providing reliability and security in service delivery |
Information and Communications Infrastructure Interagency Policy Committee (ICI-IPC) | • The government’s primary policy coordination body for secured global information and communications infrastructure • Focus is to achieve an assured, reliable, secure, and survivable global information and communications infrastructure and related capabilities • Policy forum for cybersecurity matters. |
Information Sharing and Access Policy Interagency Policy Committee (IPC) | • Reviews matters related to the improvement of sharing terrorist information • Advises the President and the Program Manager on the development of Information Sharing Environment (ISE) policies, procedures, guidelines, and standards • Ensures proper coordination among federal agencies participating in the ISE. |
National Security Staff (NSS) | Advises and assists the President on national security and foreign policies |
Committee of National Security Systems (CNSS) | Provides a forum for the discussion of policy issues in regards to the protection of national security systems. |
Internal Standards Body
Stakeholder | Roles |
National Institute of Standards and Technology (NIST) | Non-regulatory federal agency within the Department of Commerce that promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology. |
External Industry Guidance and Standards Bodies
Stakeholder | Roles |
ASIS International | Dedicated to increasing the effectiveness and productivity of security professionals by developing educational programs and materials that address broad security interests |
Information Card Foundation (ICF) | Non-profit organization whose mission is to advance simpler, more secure and more open digital identity on the Internet |
Kantara Initiative/Liberty Alliance | Working to enable a networked world based on open standards where consumers, citizens, businesses and governments can more easily conduct online transactions while protecting the privacy and security of identity information |
OpenID Foundation | • Formed to help promote, protect, and enable the OpenID technologies and community • Manages intellectual property and brand marks, as well as fostering vital growth and global participation in the proliferation of OpenID |
Organization for the Advancement of Structured Information Standards (OASIS) | • Not-for-profit consortium that drives the development, convergence and adoption of open standards for the global information society • OASIS develops security standards (e.g., Security Assertion Markup Language (SAML) and WS-*) in e-business and Web services applications. |
Security Industry Association (SIA) | • Non-profit international trade association representing electronic and physical security product manufacturers, distributors, integrators, and service providers • SIA is an American National Standards Institute (ANSI)-approved Standards Development Organization involved in developing systems integration and equipment performance standards. |
Smart Card Alliance | • Not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. • Has authored numerous white papers that provide best practices in the area of credential management |
TechAmerica | High-tech industry association active in Federal Information Security policy issues. |
Transglobal Secure Collaboration Program (TSCP) | • Government-industry partnership focused on facilitating solutions for Aerospace and Defense issues • Currently working on identity federation issues in international defense and aerospace programs. |
Internal ICAM Service Providers
Stakeholder | Roles |
Department of the Treasury | A provider of PKI services and digital certificates for trusted identity authentication across the Federal Government and with external bodies |
Federal Bureau of Investigation (FBI) | • Protects and defends the United States against terrorist and foreign intelligence threats • Upholds and enforces the criminal laws of the United States • Provides leadership and criminal justice services to federal, state, municipal, and international agencies and partners |
External Service Providers
Stakeholder | Roles |
Cooperative Groups and Initiatives | Partnerships formed to share information, the ability to authenticate across boundaries, or other ICAM functions such as the Four Bridges Forum and Global Federated Identity and Privilege Management (GFIPM) |
Industry Identity Access Management (IAM) Providers | The issuers of electronic credentials to user communities and includes Identity and Trust Providers |
Industry PKI Service Providers | Providers of PKI services and digital certificates for trusted identity authentication across the Federal Government and with external bodies |
Internal Service Customers
Stakeholder | Roles |
Cross-Agency Shared Service System Owners | Accept and trust electronic assertions of identity in respective electronic or web-based systems |
Federal Agency Application Owners | • Will accept and trust electronic assertions of identity in respective electronic or web-based systems • Also referred to as relying parties |
Federal Employees | • Primary recipient of Personal Identity Verification (PIV) credentials and holders of legacy E-Authentication credentials • Require access and user privileges for both physical and logical access • A subset of federal employees also serves as implementers of ICAM initiatives |
External Service Customers
Stakeholder | Roles |
American Public and Businesses | • Individuals and businesses that require access to government systems and resources • Government-wide approach to ICAM must address the varying needs of these communities, focusing particularly on the characteristics of the two user segments: Government-to-Citizen (G2C) and Government-to-Business (G2B) • The Federal Government provides ICAM services to universities and contractors as business partners |
Privacy Community | • People and organizations that support privacy practices and regulation • Members can be users of government services and advocate for the secure handling of that data |
State, Local, Foreign, and Tribal Governments | • Transact business on behalf of their government or its constituency • Partner with the Federal Government in identity management initiatives |
Agency-Level Stakeholders
Stakeholder | Roles |
Agency Partners and Affiliates | • Includes contractors working on behalf of the Federal Government and affiliates that do business with or consume the services provided by federal agencies • Portions of this population utilize the PIV card to access agency facilities and information systems, while others utilize non-PIV cards and require only occasional access to agency assets. |
Business Process/System Owners | Individuals within an agency responsible for managing a set of activities, programs, and systems that are critical to operations and use ICAM services |
General Counsel | Provides legal oversight over an agency’s ICAM program, administering security clearance review programs, and ensuring that ICAM programs abide by all applicable laws and regulations through use of an Inspector General (IG) led audit and accountability program. |
Human Resources (HR) | Responsible for collecting and managing biographical information on federal employees, which results in creation of a digital identity within the agency’s HR application |
Office of the Chief Financial Officer (OCFO) | Processes and submits budget requests for ICAM investments and ensures that ICAM requirements and tools are leveraged across the agency’s investments |
Office of the Chief Information Officer (OCIO) | • Coordinates with the agency’s Chief Financial Officer (CFO) to assure that the IT programs and activities are executed in a cost-effective manner • OCIO is heavily involved in ICAM implementations by ensuring that appropriate security controls are applied, determining how the ICAM solution will impact the security of existing applications, and incorporating ICAM into the agency’s EA |
Office of the Chief Information Security Officer (OCISO) | • Develops, employs, and publishes security policies, programs, and standards to guard the agency’s personnel, property, facilities, and information • Oversees projects related to credentials, badges, emergency signaling devices, etc. • Has leadership and authority over security policy and programs within the agency and can coordinate with the Personnel Security and Physical Security divisions |
Personnel Security | • Coordinates with managers’ HR departments to determine position sensitivity levels for each position occupied within the agency • Coordinates with OPM to ensure that an appropriate background investigation and/or periodic reinvestigation is conducted for all agency employees and contractors. |
Physical Security | Manages the security of agency buildings, such as resolving conflicts concerning entry to facilities and verifying that those seeking to gain access to federal buildings are appropriately authorized to do so |
PIV Credentialing Program | Manages the PIV card issuance process and infrastructure |
Privacy Office | • Administers policy to govern the use, collection, storage, and dissemination of Personally Identifiable Information (PII) for all agency employees, contractors, and affiliates • Maintains an agency’s System of Records Notices (SORNs), and supporting Privacy Impact Assessments (PIAs) for all IT investments, including ICAM. |
Solution Providers | Industry partners and/or system integrators that provide ICAM services to federal agencies |
Unions | Frequently involved in matters related to ICAM processes that collect personal information or introduce additional requirements for background investigations |