Agencies plan to use FICAM authentication standards for counterterrorism sharing

Tools

A large majority of agencies involved in sharing counterterrorism information say they plan on adopting Federal Identity, Credential, and Access Management standards as part of information sharing systems.

The Information Sharing Environment program surveyed 16 departments and agencies on their information sharing capabilities and plans, releasing the results as part of its 2013 annual report. ISE is a component within the Office of the Director of National Intelligence tasked with perpetuating information sharing standards and practices. Recently leaked documents show it has an annual budget of about $25 million, about half of which is grants to recipients such as state and regional fusion centers.

In all, 82 percent of the surveyed agencies, which include major departments such as Defense and Energy, as well as intelligence community components such as the National Geospatial Intelligence Agency, said they will integrate FICAM standards into information sharing--although, the departments of Homeland Security and Justice told the ISE that their plans don't include using the standards and high classification levels.

Homeland Security officials said they'll use FICAM for secret and unclassified information sharing, while Justice officials said the FBI is evaluating FICAM for use only in unclassified systems. The FBI does plan in the future to use the standards for classified systems, but only "as funding becomes available."

The Defense Department, meanwhile, says that "FICAM will manifest itself in DoD's implementation of the Joint Information Environment," the JIE being the latest Pentagon attempt to rationalize military network and software architecture.

Slightly fewer than half of surveyed agencies could say they've aligned their sensitive-but-unclassified network architecture to be consistent with FICAM, however--47 percent of surveyed agencies said they have, while 53 percent said they haven't.

When it comes to using the standardized personal identity verification cards the FICAM program office oversees, ISE notes in its report that some civilian agencies are moving toward using them for logical access. The Health and Human Services Department told ISE that it's installed mandatory access card logons at 48 percent of its desktops and will require their use on all desktops. Justice officials said various bureaus have started using PIV card logging at desktops.

For more:
- go to the ISE 2013 annual report

Related Articles:
White House data strategy calls for standardized metadata and identity authentication
NSTIC pilots fuel discussion on identity functions
NIST: No uniform approach to identity management