The Federal Government recently released new guidance on FICAM, including a designated Federal-wide enterprise architecture. DoD organizations must implement these guidelines to manage, monitor, and secure access to their protected resources. However, implementing FICAM in digital learning systems presents unique questions. For example, the “actor” field in xAPI statements is usually populated with an Internationalized Resource Identifier hash code that needs to be globally resolvable in order to support enterprise analytics. At the same time, typical methods of identification (e.g., name, Social Security Number) are not permissible in certain systems that restrict the use of Personally Identifiable Information. Moreover, a globally unique identifier used in all records may present an unacceptable operational security vulnerability. An enterprise-wide solution is needed that adheres to Federal guidelines and also accommodates the broad mix of digital learning systems at different security levels.
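To make the tension concrete, the following added example (not code from the ADL Initiative or the TLA project) builds xAPI actor objects two ways: the spec's mbox_sha1sum form, where the hash of the learner's mailto IRI is the same in every record, and an account form whose name is an HMAC of an enterprise identifier under a per-system key. The system URLs and keys are constructed placeholders, and the keyed pseudonym is an assumed technique used for illustration, not a design the page prescribes.

```python
import hashlib
import hmac
import json

# Constructed placeholder keys, one per learning system (assumption).
SYSTEM_KEYS = {
    "https://lms.example.mil": b"placeholder-key-lms",
    "https://sim.example.mil": b"placeholder-key-sim",
}


def mbox_sha1sum_actor(email: str) -> dict:
    """xAPI 'mbox_sha1sum' actor: hex SHA-1 of the mailto IRI.
    Anyone holding an address list can resolve it, and every record
    about this learner carries the same identifier, so all of their
    activity is linkable from the records alone."""
    digest = hashlib.sha1(f"mailto:{email}".encode("utf-8")).hexdigest()
    return {"objectType": "Agent", "mbox_sha1sum": digest}


def pseudonymous_account_actor(enterprise_id: str, home_page: str) -> dict:
    """xAPI 'account' actor whose name is an HMAC of the enterprise
    identifier under the key of the issuing system (assumed technique).
    The same learner gets a different name in each system, so records
    from different systems cannot be joined without the keys."""
    key = SYSTEM_KEYS[home_page]
    name = hmac.new(key, enterprise_id.encode("utf-8"), hashlib.sha256).hexdigest()
    return {"objectType": "Agent", "account": {"homePage": home_page, "name": name}}


def resolve(enterprise_id: str, actor: dict) -> bool:
    """Resolution step available only to the key holder: check whether
    an account actor was issued for this enterprise identifier."""
    account = actor["account"]
    expected = pseudonymous_account_actor(enterprise_id, account["homePage"])
    return hmac.compare_digest(expected["account"]["name"], account["name"])


def statement(actor: dict, verb_id: str, activity_id: str) -> str:
    """Serialize a minimal xAPI statement as it would be sent to an LRS."""
    stmt = {
        "actor": actor,
        "verb": {"id": verb_id},
        "object": {"objectType": "Activity", "id": activity_id},
    }
    return json.dumps(stmt, sort_keys=True)


def linkable(actor_a: dict, actor_b: dict) -> bool:
    """Can two records be tied to one learner from their identifiers alone?"""
    return actor_a == actor_b
```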
Development of guidance for DoD on complying with the Federal Government’s federated identity management requirements when implementing them in learning systems. This guidance will also address security risks associated with sharing data among data learning technologies, particularly personalized and lifelong technology-enabled learning through the Total Learning Architecture (TLA).
About the Project
The primary goal of this project is to provide guidance to DoD distributed learning stakeholders on implementing FICAM. FICAM is the Federal Government’s implementation of Identity, Credential, and Access Management (ICAM), providing a common set of standards, best practices, and implementation guidance for Federal agencies. ICAM security policies are used by organizations to enable individuals to access appropriate network resources at the right time for the right reasons. This FICAM effort seeks to address security risks associated with sharing data among data learning technologies, particularly personalized and lifelong technology-enabled learning through the TLA. In addition, the ADL Initiative is examining the implications of FICAM in the development of the future learning ecosystem.
The ADL Initiative’s FICAM effort explores the implementation of FICAM principles with various stakeholders. The Center for Development of Security Excellence is collaborating with the ADL Initiative and serving as a testbed for FICAM implementation. Other DoD agencies that are providing information or guidance to the ADL Initiative for this effort are being kept apprised of the FICAM project. These include the Defense Manpower Data Center, which manages the “authoritative data source” for identity management in the DoD, and the Defense Information Security Agency, the organization responsible for publishing guidance on privacy protection and operational security.
The final product of this effort will provide specific guidance for implementing the controls and requirements for identity assurance, identity credential management (including multi-factor authentication), and configuration of access controls (through automated policies that encode privacy and security) defined by the National Institute of Standards and Technology. This guidance will include the registration of “bring your own” devices into a “zero trust network” of connected learning technologies, and the identity management functions required to populate the “actor” field in learning records so that it is globally resolvable for analytics while still protecting privacy and providing operational security.
ICAM for Defense Digital Learning Systems
November 04, 2020