The Defense Information Systems Agency issued an other transaction agreement to multinational auditing and professional services firm KPMG to consolidate its access management systems.
The new identity, credential and access management (ICAM) prototype system the company is helping to build will consolidate and update a number of existing login systems and could eventually be expanded to use by agencies throughout the Department of Defense, KPMG said in a news release.
The prototype also aims to give administrators more abilities to review user access to systems. The prototype OTA was valued a $600,000.
The company will use cloud and on-premise software for access management and authentication, “helping assure that only authorized individuals gain access to DISA computer systems and information. It would also provide increased auditability so officials could better evaluate user system access,” KPMG says.
“KPMG is excited to support DISA with this innovative and strategic effort that will help empower ICAM-based services for DISA and its stakeholders,” said Brenda Walker, lead partner for KPMG’s Department of Defense consulting services. “We are delighted to have been chosen and look forward to submitting our prototype.”
KPMG is developing the prototype with the support of UberEther and in part using commercial-off-the-shelf software licensed from vendors including Ping Identity, SailPoint, and Radiant Logic, the company said in its release.
Since May 2019, DISA has said it will be using the OTA contract vehicle more often to quickly issue contracts and find prototypes for technology challenges. Identity management systems were one of the big targets for the agency in its use of OTAs. DISA also said it wants to experiment with are zero trust architecture, browser isolation and assured identity biometrics.
“Our vision is to eliminate passwords,” DISA Director Vice Adm. Nancy Norton said last May during an AFCEA event. “Continuous multifactor authentication will run seamlessly in the background allowing access through biometric data distinct to each user.”