Office of the Chief Information Officer

United States Department of Agriculture

Identity, Credential and Access Management Services (EEMS)

Service Description

The USDA Identity, Credential and Access Management (ICAM) Program provides a common, standardized, and trusted solution for digital identity and access management across the USDA enterprise. 

The ICAM Enterprise Entitlements Management Service (EEMS) is an enterprise-wide solution that centrally manages the identity, entitlements, and roles of all USDA “persons” (including employees, contractors, partners, affiliates, and customers). EEMS manages access control policies and provides automated provisioning, management, and de-provisioning of both identities and access entitlements across USDA enterprise and agency IT systems.

EEMS benefits identity lifecycle management by providing a repository of identity data, roles, and entitlements so that access decisions are made accurately and consistently. It also improves management of user identities and entitlements, including the automation of provisioning and de-provisioning. EEMS also provides crucial A-123 and FISMA auditing, reporting, and regulatory compliance.

By improving the speed, efficiency, and accuracy of identity management, EEMS saves the cost of unneeded manual processes and reduces the business risk exposure of USDA networks and data.

What's Included

  • Identity Lifecycle Management (ILM)
    • Workflow engine to manage the on-boarding, off-boarding, transfer, access requests, and security events for USDA employees and contractors
    • Flexible business rule engine to streamline and automate access management
    • Integration with authoritative identity sources for accurate and timely information
  • Authoritative Attribute Exchange (AAX)
    • Automated provisioning & de-provisioning of accounts based on customized business rules
    • Synchronization of attributes and access permissions from authoritative data sources
    • Web service API for customized integration with agency applications
  • Role & Entitlement Management
    • Role-based access control (RBAC) enables dynamic authorizations based on the presence of predefined attributes
    • Workflow-based approvals and notification for granting access
    • Automated access revocation based on agency business rules
    • Integrated with the eAuthentication Service for authorization to web and mobile applications
  • Enterprise Directory
    • Comprehensive view of managed data for all users across the enterprise
    • Authorization services for agency or enterprise applications
  • Public Key Infrastructure
    • Enterprise Public Key Infrastructure (PKI) enables LincPass (PIV) authentication to USDA Windows Active Directory domains
    • Enables department-wide trust model of internally issued PKI certificates for secure websites, web services authentication, code signing, or other uses
    • Supports issuance of PKI-based user credentials
  • Highly Available & Reliable Environment
    • Highly available and scalable architecture
    • Automated load balancing and fail-over capacities across multiple data centers (select services)
    • 24x7x365 monitoring and incident response

How We Charge

Application integration fees are based on the complexity of integration requirements and services included.

Ongoing operations and maintenance costs are shared among EEMS customers and are based on respective agency headcount.

Service Level Metrics

Measure               Target SLA
System Monitoring     24 x 7
Incident Response     24 x 7
System Availability   99.95% excluding planned downtime*

* EEMS utilizes the USDA Universal Telecommunication Network (UTN) for Wide Area Network services. The UTN is contractually guaranteed to be 99.9% available but has historically delivered 99.997% availability.

Cost Saving Tips

  • Share licensed applications across agencies to leverage the cost of the license across many users.
  • Engage EAS early in the scoping phase of a new project to identify volume, geography, security requirements, etc.
  • Early planning with the ICAM Program Office may reduce project length, development costs and rework.

Additional Information

Visit the ICAM Community on USDA Connect (login required):
EEMS Community

For EEMS integration information:
ICAM@ocio.usda.gov

For Federal ICAM general information:
http://www.idmanagement.gov


USDA CONTACT

Chris North, Director

OCIO, Enterprise Applications Services (EAS)

Chris.North@ocio.usda.gov