Skip to Content

Acceptance of Third-Party Credentials IA-8(2)

714  Matthew Burdick September 30, 2022  Identification and Authentication (IA)

Overview:
The information system accepts only FICAM-approved third-party credentials.


Supplemental Guidance:
This control enhancement typically applies to organizational information systems that are accessible to the general public, for example, public-facing websites. Third-party credentials are those credentials issued by nonfederal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Approved third-party credentials meet or exceed the set of minimum federal government-wide technical, security, privacy, and organizational maturity requirements. This allows federal government relying parties to trust such credentials at their approved assurance levels.


Related control:AU-2.


Action Items:
1) Ensure that information systems accept only FICAM-approved third-party credentials

 

Related Documents:
1) Identity and Access Management Policy


Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none


Moderate Additional FedRAMP Requirements and Guidance
none
Not Rated
Secure Code