The Office of Management and Budget has a new policy for managing credentials in the federal government. According to a memo, the changes to the Identity, Credential and Access Management policy will add some bots to the list of privileged users at agencies. Lt. Gen. Bob Ferrell (USA, ret.), former Army CIO and vice president of public sector strategy at World Wide Technology, says that the changes reinforce the need for risk management in security.
“[Identity management] is really key for good security. But as you look at the evolution of change when it comes to moving to the cloud as well as mobility, that policy needs to change. It is kind of really outdated,” Ferrell said. “When you look at identity management, what the memo says is that we need to do the risk assessment, risk management, if you will, when it comes to looking at security. It is really outlined in the SP800-63 NIST-wise.”
Scott Smith, managing director at Sila, says that the concept of the “dissolving perimeter” means that verifying identity has become one of the most important concepts in securing networks.
“Identity is the new perimeter. There’s nothing wrong with having firewalls and various gates to keep outsiders on the outside. But the importance of the identity and managing the lifecycle of the identity is very clear. It comes through in this guidance,” Smith said. “The CDM program… large federal contract, it is looking into the foundational elements around, what is on the network, who is on the network, what are those users doing? This guidance dovetails nicely into that CDM program.”