The agency is considering overhauling its identity credential and access management, or ICAM, system to manage secure access for all users.
The Social Security Administration, which manages the identity number of all 330 million Americans, wants new ways to ensure people contacting the agency and using its systems are who they claim to be.
A request for information posted Monday to FedConnect—and reposted on beta.SAM.gov—asks industry for solutions for “for managing all aspects of identity credential and access management for external users that is separate and apart from anything we have in production today.”
The market research sets the stage to potentially “replace the existing external ICAM platform(s) currently in use at SSA,” according to the RFI posted by the SSA Office of Systems.
The document includes 17 must-haves for a potential solution, including:
- Remote identity proofing at National Institute of Standards and Technology’s Identity Assurance Level 2.
- Authentication at NIST Authenticator Assurance Level 1, Level 2 and Level 3.
- Multiple user multifactor authentication options.
- Integrated secure password management and risk mitigation.
- Fraud detection and mitigation.
- Omni-channel solutions that provide integrated user management across channels.
- Support for multiple user workflows based on type.
Contractors are also asked to give information about how their solutions work across platforms, such as web/mobile and iOS/Android; explanations of failure rates; and auditing capabilities, among others.
Responses are due by 12 p.m. June 30.
Not mentioned in the RFI is the Office of Management and Budget’s ICAM policy, which was updated in May 2019. While the document does not mention the new policy by name, many of its core tenets—such as the need to be platform agnostic—are called out in the information request.