Manage Access Control Playbook

Manage Access Control


What is Access Control Management and why is it important?

Access Control Management is a technique used to regulate who or what has access to your organization’s resources, and protects those sensitive resources by ensuring only authorized users have access. Implementation can be challenging and complex, so as the threat landscape expands, you’ll need a comprehensive strategy to automate access control and resolve cybersecurity threats.

This playbook contains answers to several common access control questions, including:

  • What is the Access Management Framework (AMF)?
  • What should I consider when developing my access control strategy?
  • How do I choose the most appropriate Access Control Model for my agency?
  • What are the four access control lifecycles, and how do I implement them?

This playbook is organized into 10 individual steps, or activities. Within each step, you’ll find a checklist to help you perform that activity, along with additional guidance such as frequently asked questions (FAQs), implementation tips, and security and privacy considerations.

How was the playbook developed?

The guidance in this playbook is based on the FICAM Roadmap and Implementation Guidance v2.0 (2011) and the Access Management Framework (2014), developed by the Identity Credential and Access Management Sub Committee. It’s hosted on GitHub in the hope that you and your agency will contribute additional content to improve access control management across the Federal government.

Where can I find additional content?

Visit the FICAM Architecture website for a high-level overview of identity management, and a description of services that deliver access management capabilities, as well as to gain a basic understanding of access management and its broader role in federal Identity, Credential, and Access Management (ICAM).

How can I contribute to this playbook?

Please visit our Contribute page to learn how to post questions and contribute content.