Supporting the Office of Management and Budget’s Identity Policy Proposal
The White House Office of Management and Budget (OMB) is proposing a new policy to address Federal agencies’ implementation of Identity, Credential, and Access Management, and earlier this month asked for public comments on the policy draft. Tim McIntyre, our associate general counsel and data protection officer, submitted the below comment to the Federal CIO and OMB last week—supporting the proposal, and encouraging the administration to consider the protection of cloud applications in addition to networks.
Okta, Inc. expresses its support for the OMB’s Identity Policy proposal, and we welcome the focus on the need to strengthen the cybersecurity of federal agencies through improved identity, credential, and access management. At Okta, our vision is to enable any agency to use any technology, and we develop identity and access management products that enable people to access applications and other tools smoothly and successfully. We believe that the policy’s implementation would lead to increased efficiency and cybersecurity protection across impacted agencies.
Specifically, we applaud the proposal’s call for updates to previous requirements in the areas of multi-factor authentication and interoperability, as we believe that both components are integral to an effective strategy. In our opinion, the goal of interoperability dovetails with a technology-neutral approach to cybersecurity protection, which we believe is critical to ensure access to the most effective and secure technology resources in the marketplace. Specific requirements or policies that mandate or prohibit the use of certain technology only undermine security by limiting evolving security controls and best practices, and can potentially create single points of failure.
We also note that the proposal makes reference to “tools on agency networks that provide enterprise-wide visibility of what assets, users, and activities are on their networks,” and we would encourage the OMB to expand the dialogue to include the protection of cloud computing assets, and not just network assets, given the rapid proliferation of resources that are made available as hosted web offerings.
We are committed to supporting this policy and look forward to continuing the broader conversation on these topics.
For details on how Okta helps government better serve citizens with identity, visit www.okta.com/government. To learn even more about Okta and our work in the public sector, join us at an upcoming Cloud Connections event. We’ll be in Washington, D.C. on June 5 — register here!