top of page


DTM 25-003 User Attribute Federation: Building DoD ZTA CoA-Aligned ICAM Foundations
Most DoD Zero Trust programs do not stall on conditional user access because the identity provider cannot talk to the application. Under ATO pressure, with PPBE cycles already locked and mission owners protecting operational timelines, teams often connect IdPs first and clean up attribute governance later. DTM 25-003 does not support that sequence. Conditional access depends on trusted, federated, policy-usable attributes from the start.
20 hours ago6 min read


Risk-Based Dynamic Access Rules: Meeting CISA ZTMM Conditional Access Requirements Under OMB M-22-09
Most civilian agencies still have a practical problem at the access layer: users are granted access based on static roles, but the risk around that user changes throughout the day. The user may move from a managed laptop to an unmanaged device. The session may originate from an unusual location. The endpoint may fall out of compliance. The account may show abnormal behavior. If the access decision does not change when the risk changes, the agency is not operating at OMB M-22-
Jun 297 min read


CISA ZTMM User Pillar: Building Dynamic Privilege Rules for OMB M-22-09 Identity Requirements
Most civilian agencies still have a privilege problem hiding inside normal operations: static Active Directory groups, standing administrator roles, VPN-era access assumptions, and quarterly access reviews that do not respond to user risk in the moment. That model does not hold up against the CISA ZTMM User Pillar or the identity direction in OMB M-22-09. Explore how conditional user access has to move from policy language into enforceable rules.
Jun 157 min read


DTM 25-003 ICAM Requirements: Building Conditional User Access Around Enterprise Identity
Most DoD program offices do not fail at conditional user access because they lack identity tools. They fail because identity is still fragmented across mission applications, privileged access workflows, directory services, and local authorization tables. Under DTM 25-003, that model does not hold. Conditional access depends on enterprise ICAM that can provide current identity, credential, privilege, and attribute data to the systems making access decisions.
Jun 106 min read
bottom of page
