DESCRIPTION: The Department of Homeland Security (DHS) Science and Technology Directorate's (S&T)
Project Responder 5 Report identified key capabilities that would help first responders be more effective
in their mission. Among the findings was the need to securely share
information, validate responders from other organizations, and securely maintain records.
These challenges only grow as responders rely on more data. There is a critical need for
responders to securely validate users and share information. Identity, Credential, and Access
Management (ICAM) principles can mitigate these challenges.
ICAM is a framework of policies, processes, and technologies built into an organization's IT infrastructure that gives system
owners assurance that the right person is accessing the right information at the
right time for the right reason. First responders need to safely and securely share
information between jurisdictions, but first responder organizations do not currently have
federations set up to aid in information sharing. Instead, during multi-jurisdictional
responses, an organization may be forced either to manually provision an un-vetted new user or to take days to
vet a new user's identity and certifications. Lead agencies require quick and secure solutions to vet
identities and credentials in real time and to auto-provision users into information sharing
applications. ICAM On-the-Fly would allow new users to show up to assist in a public safety event,
bringing their own credential, their own device, and the role they are to fill during the event.
Fundamentally, ICAM On-The-Fly must:
• Perform quick identity proofing
(i.e., validate that the user is who they say they are);
• Validate the certifications and attributes required to access the information to be
shared (e.g., EMT certified, sworn law enforcement);
• Automatically provision (register) new users;
• Be built using open standards to preserve interoperability;
• Be cross-platform (iOS/Android) compatible; and
• Recognize a broad array of credential attributes from diverse environments (e.g.,
multiple types of LDAP, Active Directory, etc.), so that an attribute asserted by one organization's directory can be evaluated by another organization's access policy.
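The attribute validation and auto-provisioning requirements above can be illustrated with a small worked example. The following Python is an added example, not code from DHS S&T or the ICAM On-the-Fly effort. It assumes hypothetical directory schemas (an Active Directory record using `sAMAccountName`/`memberOf` and an OpenLDAP record using `uid`/`employeeType`/`certExpiry`), a hypothetical mapping of raw group values to canonical attributes, and a per-application policy; the sample records, issuer names and event date are constructed for illustration. It normalizes records from two different home directories into one canonical attribute set, checks the policy for the requested application (including a lapsed certification), and only then provisions an account, failing closed for unknown issuers, unknown groups, and missing or expired certifications.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Optional

# Home-organization directories the lead agency trusts, keyed by issuer
# (assumed names), and the directory schema each one uses.
TRUSTED_ISSUERS = {"county.gov": "ad", "cityems.org": "openldap"}

# Assumed per-schema attribute names: which raw attribute carries the
# subject name, the group/role memberships, and a certification expiry.
SCHEMAS = {
    "ad": {"subject": "sAMAccountName", "roles": "memberOf", "expiry": "extensionAttribute1"},
    "openldap": {"subject": "uid", "roles": "employeeType", "expiry": "certExpiry"},
}

# Assumed mapping from raw directory group/role values to canonical attributes.
ROLE_MAP = {
    "CN=Sworn-LEO,OU=Groups,DC=county,DC=gov": "sworn_law_enforcement",
    "EMT": "emt_certified",
    "Paramedic": "emt_certified",
}

# Canonical attributes that are certifications and therefore carry an expiry.
TIME_LIMITED = {"emt_certified"}

# Per-application policy: every listed attribute must be present and unexpired.
POLICY = {
    "incident-ems": {"emt_certified"},
    "incident-leo": {"sworn_law_enforcement"},
}


@dataclass(frozen=True)
class Identity:
    subject: str
    issuer: str
    attributes: Dict[str, Optional[date]]  # canonical attribute -> expiry (None = no expiry)


def normalize(issuer: str, raw: dict) -> Optional[Identity]:
    """Map a raw directory record from a trusted issuer to canonical attributes.
    Returns None (fail closed) for an untrusted issuer or a record with no subject."""
    schema_name = TRUSTED_ISSUERS.get(issuer)
    if schema_name is None:
        return None
    schema = SCHEMAS[schema_name]
    subject = raw.get(schema["subject"])
    if not subject:
        return None
    roles = raw.get(schema["roles"], [])
    if isinstance(roles, str):          # single-valued (LDAP) vs multi-valued (AD memberOf)
        roles = [roles]
    expiry_raw = raw.get(schema["expiry"])
    expiry = date.fromisoformat(expiry_raw) if expiry_raw else None
    attributes: Dict[str, Optional[date]] = {}
    for role in roles:
        canonical = ROLE_MAP.get(role)
        if canonical is None:
            continue                    # unmapped groups convey no privilege
        if canonical in TIME_LIMITED and expiry is None:
            continue                    # a certification with no expiry is not trusted
        attributes[canonical] = expiry if canonical in TIME_LIMITED else None
    return Identity(subject, issuer, attributes)


def provision(identity: Optional[Identity], app: str, today: date) -> Optional[dict]:
    """Auto-provision an account for `app` if its policy is satisfied, else None."""
    if identity is None:
        return None
    required = POLICY.get(app)
    if required is None:
        return None                     # no policy for this app: deny
    for attr in required:
        if attr not in identity.attributes:
            return None
        expiry = identity.attributes[attr]
        if expiry is not None and expiry < today:
            return None                 # certification has lapsed
    return {"account": f"{identity.subject}@{identity.issuer}", "app": app, "roles": sorted(required)}


def onboard(issuer: str, raw: dict, app: str, today: date) -> Optional[dict]:
    """Full on-the-fly path: normalize the home-directory record, then provision."""
    return provision(normalize(issuer, raw), app, today)


# Constructed sample records and event date, for illustration only.
TODAY = date(2024, 3, 15)
AD_RECORD = {"sAMAccountName": "jdoe",
             "memberOf": ["CN=Sworn-LEO,OU=Groups,DC=county,DC=gov",
                          "CN=Domain Users,CN=Users,DC=county,DC=gov"]}
LDAP_RECORD = {"uid": "asmith", "employeeType": "EMT", "certExpiry": "2024-06-30"}
LDAP_EXPIRED = {"uid": "bjones", "employeeType": "Paramedic", "certExpiry": "2023-01-31"}

if __name__ == "__main__":
    print(onboard("county.gov", AD_RECORD, "incident-leo", TODAY))     # provisioned
    print(onboard("county.gov", AD_RECORD, "incident-ems", TODAY))     # None: not EMT
    print(onboard("cityems.org", LDAP_RECORD, "incident-ems", TODAY))  # provisioned
    print(onboard("cityems.org", LDAP_EXPIRED, "incident-ems", TODAY)) # None: lapsed cert
    print(onboard("unknown.example", LDAP_RECORD, "incident-ems", TODAY))  # None: untrusted issuer
```

The schema and role mappings are the part that must be maintained per federation partner; everything after `normalize` works on canonical attributes only, which is what lets one policy be applied to users arriving from different directory types. Identity proofing of the person presenting the credential is a separate step that this example does not model.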