This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials.
NIST 800-53 (r4) Supplemental Guidance:
This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program.
Related control: SA-4.
References: OMB Memoranda 04-04, 11-11, 10-06-2011; FICAM Roadmap and Implementation Guidance; FIPS Publication 201; NIST Special Publications 800-63, 800-116; National Strategy for Trusted Identities in Cyberspace; Web: http://idmanagement.gov.
NIST 800-53 (r5) Discussion:
[Withdrawn: Incorporated into IA-8(2).]
38North Guidance:
Meets Minimum Requirement:
Employs only FICAM-approved information system components in organization-defined information systems to accept third-party credentials.
Best Practice:
Implement the capability to allow only FICAM-approved third-party credentials, such as CAC/PIV, for customers accessing the system/application being offered in the FedRAMP environment.
U.S. Government FICAM Solution guidance.
U.S. General Services Administration guidance.
Unofficial FedRAMP Guidance: None
Assessment Evidence:
Screenshots of system/application configurations that demonstrate the capability that customers can support FICAM credentials.
CSP Implementation Tips: TBD