Mission Area
March 28, 2022
Back in January 2022, Army Deputy Chief of Staff, G-6 Lt. Gen. John Morrison said there were two priorities for setting unified network operations (UNO) in support of multi-domain operations: figuring out how to do UNO at the tactical edge and creating the requirements definition package for identity, credential and access management (ICAM). ICAM, said Morrison, is “foundational to zero trust” as it enables the Army to determine who is on the network, who has access to what data, and how to ensure that the right people have access to the right data, while the wrong people don’t.
As part of the Army’s overarching Digital Transformation Strategy published last October, the service is supposed to implement a standardized, enterprise ICAM system to meet both enterprise and tactical/disconnected requirements, as well as mission-based need to know for all users. The system — which is meant to serve as the basis for joint discussions, said Morrison — is not the Army’s first foray into ICAM.
According to officials from PEO EIS’s Enterprise Content Collaboration and Messaging (EC2M) product office, the Army’s current ICAM solution evolved from provisioning and authenticating user accounts for Army Knowledge Online, the enterprise web portal that shut down last summer after a 23-year run. Capt. Mark Rodriguez, EC2M’s deputy project officer for ICAM, described it as a combination of solutions and services that control access to over 1,000 applications and manage 1.5 million user records for the Army.
“We’re helping control access to multiple apps like the General Fund Enterprise Business System, Global Combat Support System – Army and sites that use the Enterprise Access Management Service – Army,” said Rodriguez, noting that ICAM doesn’t change the user experience but simply provides more user security and monitoring on the back end.
Under AKO, ICAM’s scope was mostly focused on personnel using government-furnished equipment, but it has steadily expanded its capabilities to incorporate foreign nationals and mission partners, reserve forces and non-traditional users with multifactor authentication and an improved sponsored accounts process.
EC2M’s next plans for ICAM include implementing identity governance administration — an add-on that digitizes the account provisioning and de-provisioning processes. The product office is in the early stages of onboarding Army apps to the service, said Rodriguez.
In the meantime — in support of Morrison’s push for a more holistic, joint solution — EC2M has been participating in a technical exchange with the Defense Information Systems Agency, DCS G-6, the Army chief information officer (CIO) and other stakeholders to discuss opportunities to integrate the Army’s and DISA’s ICAM efforts for potential shared capabilities across the DOD enterprise and mission partners. The Army has shared its requirements definition package for ICAM, and the other military services have highlighted their versions of ICAM solutions as well.
Army CIO Dr. Raj Iyer firmly believes the Army has a superior ICAM solution. “What we're trying to see is if we can get to a truly joint enterprise solution by allowing DISA to adopt or adapt some of our solutions rather than the other way around,” he said at a recent meeting of the Army CIO Executive Board.
For EC2M, the technical exchange with DISA and other stakeholders has been a great opportunity to synchronize ICAM efforts and exchange information. Rodriguez believes the Army’s ICAM solution has the advantage of a head start since it already has operated in complex environments.
“The Army took the initiative to adapt and solve the problem by developing products sooner because of evolving requirements with AKO,” said Rodriguez. “Since the Army is the largest service with a wide range of users and systems that need ICAM capabilities, we were incentivized to push the solutions faster.”