The Department of Justice is gearing up to build an extensive identity and access management portfolio for employees and contractors over the next three years.
The Department of Justice is gearing up to build an extensive identity and access management service for employees and contractors over the next three years.
At a Dec. 11 conference hosted by SailPoint, Nickole Arbuckle, program lead for the "IamDOJ" identity management system at Justice, laid out 16 different tools that DOJ plans to have in place by 2021 around self-service identity management, logistical access, access certification, physical access provisioning, contractor access management, automated onboarding and compliance metrics reporting.
Arbuckle said it was part of a larger push at DOJ over the past two years to move towards an enterprise services model while getting rid of legacy systems and manual processes. For example, many aspects of the department's onboarding and off-boarding programs are still done through paper, requiring a circuitous and time-consuming journey to collect physical signatures from specific individuals. Justice will start moving toward a more automated system in 2020.
"It's really great if you can show up to work starting a new job and have your birthright access," said Arbuckle. "Generally, that's not how it happens right now.… Over the next three years, we're really trying to move towards getting rid of the paper documentation for onboarding and moving towards more of an automated flow. It's more auditable, we can remove access more quickly, give access more quickly and make sure everyone has the right access."
Justice and the law enforcement agencies under its purview all require differing levels of access authorization for employees, contractors and investigations. The department wants to give all of its employees DOJ ID numbers "so if they don't have an FBI number or a [Drug Enforcement Administration] number, they have a DOJ ID and that will follow them around the department," according to Scott Hoge, a director and consultant at CGI Federal, which is working with DOJ on the project.
The whole portfolio will be built on top of a legacy credential management system that DOJ uses for Continuous Diagnostics and Mitigation, a governmentwide cybersecurity program managed by the Department of Homeland Security.
Arbuckle told FCW the decision to use the existing system as a foundation for larger identity and access management goals has created some complication, but it has pushed her and others at the agency to take the long view on how to structure both projects.