CDC SAMS – Identity, Credential, and Access Management (ICAM) Operations and Modernization

Overview:

KR3 was awarded a prime contract to provide operational support, maintenance, and enhancement of the Centers for Disease Control and Prevention (CDC) Secure Access Management Services (SAMS) system. SAMS serves as the enterprise ICAM solution, securing access to over 400 integrated CDC IT systems for approximately 700,000 users, including both HHS staff and external partners.

Goal:

The CDC's objective for this contract is to ensure the continuous, secure, and compliant operation of the SAMS platform while supporting the agency’s evolving collaboration needs with external partners and HHS users. This includes maintaining core ICAM services such as user onboarding, identity validation, authentication, authorization, secure file transfer, and API security, as well as supporting system modernization efforts, including the transition to a FedRAMP High cloud-based Identity-as-a-Service (IDaaS) solution using Ping Identity.

Approach & Outcome:

KR3 provides end-to-end functional, technical, and advisory support for the SAMS platform, covering operations across five on-premise environments (Production, DR, Staging, Integration, and Development) and the emerging Ping IDaaS environment. Our team ensures the seamless operation of critical services including identity proofing workflows, federated trust integrations, directory services, and the SAMS Single Sign-On (SSO) portal. We manage software and hardware patching, system upgrades, and vulnerability remediation in accordance with CDC policies, NIST 800-63 guidelines, and HSPD-12 compliance requirements.

As part of this engagement, KR3 supports CDC Programs and IT applications through integration planning, onboarding assistance, and ongoing change management. We provide Tier 2/3 technical support for SAMS end user escalations, assist with authorization management, and maintain system documentation, workflows, and architecture diagrams. KR3 also supports CDC’s broader initiatives, including federated trust management with partners like ID.me and Login.gov, vulnerability tracking and remediation, and the SAMS Certification & Accreditation (C&A) process to maintain system security approvals.

Through this work, KR3 enables the CDC to maintain a secure, reliable, and scalable access management solution that supports cross-agency collaboration and prepares SAMS for future modernization and cloud transition. Our efforts help ensure consistent service delivery, system integrity, and compliance with federal security mandates, directly supporting CDC’s mission to protect public health.