Overview:
The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials.
Supplemental Guidance:
This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program.
Related control: SA-4.
Action Items:
1) Ensure that information systems accept only FICAM-approved third-party credentials
Related Documents:
1) Identity and Access Management Policy
Additional Guidance:
Moderate FedRAMP-Defined Assignment / Selection Parameters
none
Moderate Additional FedRAMP Requirements and Guidance
none
Article ID: 715
Created: September 30, 2022
Last Updated: September 30, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/use-of-ficam-approved-products-ia-8-3-715.html