
Identity & Access Management (IDAM)

IDAM Support & Capabilities

These days, data is critical to every organization’s success. Protecting your data should be your top priority. Our information security experts are experienced at preventing data breaches while ensuring that the right people have the appropriate access. A thorough Identity and Access Management (IDAM) strategy minimizes your organization’s risks. By performing a complete evaluation of your organization’s data and infrastructure we can implement the most appropriate IDAM solution. This solution ensures data integrity while still meeting your organization’s business goals and practices. Even if you already have an IDAM software stack in place, our expert team is ready to walk you through the entire IDAM cycle and confirm your organization’s critical data assets are safe.

 

Our team of IDAM subject matter experts has successfully deployed multi-year, full IDAM lifecycles for large government agencies. We have led our customers through initial inception, legacy infrastructure evaluations, identifying and prioritizing organizational risks, selecting and integrating the most suitable IDAM solution, and completing operational rollouts for IDAM systems. Before embarking, we work with all levels of your organization to create a roadmap that establishes the right foundation. Such a logical approach ensures minimum disruption to your business. It also makes it easy to add on features and enhancements in future phases, should the need arise. 

 

Here is a comprehensive list of IDAM capabilities our team provides:

 

  • Identity Management

  • Access Management

  • Entitlement Governance

  • User Provisioning

  • Access Control

  • IDAM evaluation and roadmap

  • Single Sign On (SSO)

  • Identity Federation

  • IDAM COTS evaluation and selection

  • Auditing and Compliance

  • Authentication and Authorization

  • AWS Cloud Identity and Management

System Accreditation & ICD 503 Compliance

Government agencies are adopting the Risk Management Framework (ICD 503) to comply with federal mandates for accrediting government systems. Understanding each control family within ICD 503 can be daunting, time-consuming, and extremely challenging. We have in-depth experience with the NIST 800-53(a) publication that provides the recommended security controls for federal systems and organizations. Working with your team and the agency’s assessors, we ensure that the controls selected match your system. As you continue to build out your system, we work with you to prepare responses for each family of controls. This ensures all vulnerabilities and findings have been addressed before getting to the assessment phase. Using this approach, we received an Authority To Operate (ATO) with one of the largest IC agencies in four months. Given this unprecedented timeframe, that agency adopted our ICD 503 documentation as templates for future programs seeking ATO.

 

There are six phases of ICD 503 compliance. Our team provides detailed technical support at each level:

 

  • Phases 1, 2, and 3 [Document]—Create the Concept of Operations (CONOPS) and System Security Plan (SSP). Work with the assessors to select appropriate levels of Confidentiality, Integrity, and Availability (C.I.A.) to generate the proper family of controls and overlays for your system. Create any additional necessary supporting documentation such as audit policy, configuration management, and contingency plans before going into Phase 4. Assist your team with necessary system scans and address each vulnerability finding.

  • Phase 4 [Assess]—Write test cases and the System Assessment Plan (SAP). Assist your team with the assessment stage through testing and presenting to the board of assessors. Address any issues outlined in the Security Assessment Report (SAR) and Risk Assessment Report (RAR).

  • Phase 5 [Authorize]—Help you address any outstanding issues in the RAR and create a Plan of Action and Milestone (POA&M) before being granted ATO.

  • Phase 6 [Monitor]—Work with the Continuous Monitoring team to make sure all POA&Ms are being addressed in a timely manner, and ensure your system is meeting each monthly evaluation and assessment.
