The Department of Homeland Security (DHS), U.S. Citizenship and Immigration Services (USCIS), Office of Information Technology (OIT), Information Security Division has a continuing requirement for information technology, systems engineering, and other professional services for the ongoing maintenance of the existing Identity, Credential, and Access Management (ICAM) applications and technical environment.

U.S. Citizenship and Immigration Services (USCIS) administers the nation’s lawful immigration system, safeguarding its integrity and promise by efficiently and adjudicating requests for immigration benefits while protecting Americans, securing the homeland, and honoring our values.

The USCIS Office of Information Technology (OIT), Information Security Division (ISD) is seeking technical and program management support requirements necessary to maintain the USCIS Identity, Credential, and Access Management (ICAM) enterprise information technology services program. These services include, but are not limited to, the design, architecture, engineering, documentation, quality assurance and maintenance of the enterprise implementation of the USCIS ICAM environment, as well as the program management support services required to successfully manage the ICAM program. Contractors will participate in team-based Agile environments that will be aligned in accordance with the ICAM Roadmap and implementation guidance and USCIS Agile DevOps development methodologies, such as the creation of a mature Continuous Integration/Continuous Delivery (CI/CD) model with a high level of automated testing integration.

The USCIS ICAM Program operates under the Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance and consists of several traditionally segregated functional areas (Identity, Credential, Access and Federation) that, when managed collectively, provide security, privacy and process efficiency benefits that would not be achieved if managed individually. The Office of Management and Budget (OMB) has also released other directives that outline specific ICAM-related requirements and delivery timelines for federal civilian agencies that USCIS ICAM follows.

Due to the breadth and depth of the ICAM scope, a successful implementation requires multiple distinct projects—all of which must integrate across business and technology disciplines to achieve the expected outcomes. For this reason, the USCIS ICAM Program was established to provide over-arching management and oversight to ensure ICAM mission success.
The USCIS ICAM Program defines, plans, promotes, and coordinates the enterprise implementation of the USCIS ICAM environment in accordance with best practices. The ICAM Program staff work with the different stakeholders within and outside the USCIS environment to determine existing initiatives and how they align to the ICAM Architecture and required functionality. The ICAM Program is responsible for integrating all the USCIS ICAM initiatives through a common vision and strategy that promotes interoperability and reuse. Organizationally, the ICAM Program is managed by the Identity Access Management (IAM) Branch Chief within the ISD.

The U.S. Citizenship and Immigration Services (USCIS), Office of Information Technology (OIT), Information Security Division (ISD) is mandated by the 2009 Federal Chief Information Officers (CIO) Council Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance. The Identity, Credential, and Access Management Enterprise Services (ICAM-ES) consists of several traditionally segregated functional areas (Identity, Credential, Access, and Federation) that when managed collectively, provide security, privacy and process efficiency benefits that would not be achieved if managed individually. The U.S. Office of Management and Budget (OMB) released M-11-11 (February 2011), and M-19-17 (May 2019), which outlined specific ICAM-related requirements and delivery timelines for federal civilian agencies.

Capabilities of the requirement include:

• Provide information technology, systems engineering, and other professional services for ICAM applications
• Provide design, development, integration, testing, and delivery of incremental functional releases of the ICAM environment in accordance with Agile and DevOps best practices and the government-approved design and schedule
• Provide testing processes to confirm that the ICAM environment capabilities and services meet business expectations and performance specifications
• ICAM program areas to address:
  • Role, Policy or Attribute Based Controls and Authorization
  • Single Sign-On / Login Authentication (AuthN)
  • Role-Based Access Management Authorization (AuthZ)
  • Access Governance
  • Privileged Access Management
  • PKI/Certificate Management (PIV, Device, Non-Person Entity, and Non-PIV Person Entity)
  • Account Management
  • Identity Provider (IdP) Management
  • System Account Management
  • API and Microservices Authentication (OAuth/OIDC)
  • Secrets Management
  • Enterprise Physical Access Control (ePACS)
  • PACS (physical access control system)/VMS (video management system) network O&M
  • Technical Architecture, Engineering and Infrastructure Support for multiple platforms
  • Program Management
  • Approval Workflow with Policy Enforcement
  • Online Self-Service
  • Fully and Semi-Automated Account Provisioning/De-provisioning
  • Self-Service Password Management
  • Electronic Audit (all access-related actions stored in central database)
  • Personal Identity Verification (PIV) Authentication
  • Access Federation
  • Section 508 Compliance
  • 24 x 7 x 365 Support