Office of the Chief Information Officer

United States Department of Agriculture

Identity and Access Management Services (EIMS/EEMS)

Service Description

The USDA Enterprise Entitlement Management Service (EEMS) is a comprehensive solution that provides a single point of control to manage identity and access management (IAM) across the entire organization, including employees, contractors, visitors, interns, short-term employees, appointees, and partners. It is a highly available centralized service with distributed management capabilities.

Agency administrators function within branded and virtual operating environments where they can view and manage isolated agency users and resources. The diverse missions of many federal agencies necessitate local control of security, yet there is an overwhelming need for enterprise baseline security policies. EEMS provides virtualized operating environments that allow for both.

By improving the speed, efficiency, and accuracy of identity management, EEMS saves the cost of unneeded manual processes and reduces the business risk exposure of USDA networks and data.

Base Service includes:
Enterprise Directory (eDir), Identity Manager (IdM), Identity Correlation & Synchronization Server (ICS), and Role & Compliance Manager (RCM).

What's Included

  • Compliance management (A-123 & FISMA)
  • Auditing and reporting
  • Service Desk support
  • Secure facility, hardware, and system software
  • Personnel support for problem resolution
  • Performance monitoring
  • Account and privilege provisioning and de-provisioning
  • User directory entries and synchronization management
  • Professional services for integration of user interface to agency applications can be optionally provided

How We Charge

Application integration fees are based on the complexity of the respective integration requirements.

Ongoing operations and maintenance costs are shared among EEMS customers and are based on respective agency headcount.

Service Level Metrics

| Measure | Target SLA |
|---|---|
| System Monitoring | 24 x 7 |
| Incident Response | 24 x 7 |
| System Availability | 99.95% excluding planned downtime* |

Cost Saving Tips

  • Share licensed applications across agencies to leverage the cost of the license across many users.
  • Engage EAS early in the scoping phase of a new project to identify volume, geography, security requirements, etc.
  • Early planning with the Department’s Mission Office (ICAM/EEMS Project Team) may reduce project length, development costs and rework.

Additional Information

Website links for application repository and development site.

  • Enterprise Directory (eDir): The Enterprise Directory provides a comprehensive view of predefined authoritative data managed by the Identity Manager component for all users across the enterprise, allowing enterprise-class applications to leverage the Enterprise Directory for authentication and authorization services and bypassing significant limitations typically encountered with Active Directory forests.
  • Identity Manager (IdM): IdM is the core product of EEMS and provides administrative interfaces, provisioning and de-provisioning of identities and entitlements, rule-based policy management, role-based access control, and monitoring and reporting capabilities.

  • Identity Correlation & Synchronization (ICS): Provides bi-directional data synchronization and abstracted directory virtualization services that greatly simplify the management of identity across disparate data stores. ICS detects changes to data sources and transforms and propagates them to consuming systems according to customized business logic.

  • Role & Compliance Manager (RCM): Provides support to quickly and accurately develop, maintain, and analyze role models as well as manage centralized compliance policies. RCM uses advanced pattern recognition analysis to prevent improper privilege escalation and separation of duties (SOD) policy violations. It is also used to map roles and entitlements in existing data stores during data store integration with IdM.


USDA CONTACT

Chris North, Director

OCIO, Enterprise Applications Services (EAS)

Chris.North@ocio.usda.gov