To maximize data access, minimize complexity, and reduce costs, the Intelligence Community should encourage and incentivize programs to use enterprise Identity, Credential, and Access Management (ICAM) services for protecting government resources deployed on Commercial Cloud Enterprise (C2E) vendor clouds.
President Biden on May 12, 2021, signed Executive Order 14028, “Improving the Nation’s Cybersecurity,” directing the adoption of Zero Trust Architectures (ZTA) in federal agencies as they move to the cloud. To maximize the ability for authorized consumers to access data, to minimize system complexity, and to reduce costs, we recommend the Intelligence Community (IC) actively encourage and incentivize programs to use enterprise Identify, Credential, and Access Management (ICAM) services for protecting government-owned resources deployed on the Commercial Cloud Enterprise (C2E) vendor clouds, and actively identify and remove disincentives for programs to use the enterprise ICAM services.
The goal should be for government-owned resources to leverage IC PKI to authenticate consumers and leverage enterprise-managed Attribute Based Access Control (ABAC) attributes for authorization decisions related to the authenticated consumers. This would drive consistent cloud vendor agnostic access control policies and data tagging efforts for all government-owned resources, enabling consumers to gain access to the data they are legitimately authorized to consume.