Use of FICAM-Approved Products IA-8(3)

Overview:
The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials.

Supplemental Guidance:
This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program.

Related control: SA-4.

Action Items:
1) Ensure that information systems accept only FICAM-approved third-party credentials

Related Documents:
1) Identity and Access Management Policy

Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none

Moderate Additional FedRAMP Requirements and Guidance
none