Overview:
The information system accepts only FICAM-approved third-party credentials.
Supplemental Guidance:
This control enhancement typically applies to organizational information systems that are accessible to the general public, for example, public-facing websites. Third-party credentials are those credentials issued by nonfederal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Approved third-party credentials meet or exceed the set of minimum federal government-wide technical, security, privacy, and organizational maturity requirements. This allows federal government relying parties to trust such credentials at their approved assurance levels.
Related control:AU-2.
Action Items:
1) Ensure that information systems accept only FICAM-approved third-party credentials
Related Documents:
1) Identity and Access Management Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 714
Created: September 30, 2022
Last Updated: September 30, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/acceptance-of-third-party-credentials-ia-8-2-714.html