last sync: 2024-Oct-11 17:51:27 UTC

Accept only FICAM-approved third-party credentials | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Accept only FICAM-approved third-party credentials
Id 2d2ca910-7957-23ee-2945-33f401606efc
Version 1.1.0
Versioning Versions supported for Versioning: 1 (1.1.0); Built-in Versioning [Preview]
Category Regulatory Compliance
Description CMA_C1348 - Accept only FICAM-approved third-party credentials
Additional metadata Name/Id: CMA_C1348 / CMA_C1348
Category: Operational
Title: Accept only FICAM-approved third-party credentials
Ownership: Customer
Description: The customer is responsible for only accepting third-party credentials that have been approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Note: if the customer's deployed resources do not allow third-party credentials this control is not applicable.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default: Manual; Allowed: Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1): Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Accept only FICAM-approved third-party credentials' (2d2ca910-7957-23ee-2945-33f401606efc)
Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy#
FedRAMP_High_R4 | IA-8(2) | FedRAMP_High_R4_IA-8(2) | FedRAMP High IA-8 (2) | Identification And Authentication | Acceptance Of Third-Party Credentials | Shared | n/a | The information system accepts only FICAM-approved third-party credentials. Supplemental Guidance: This control enhancement typically applies to organizational information systems that are accessible to the general public, for example, public-facing websites. Third-party credentials are those credentials issued by nonfederal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Approved third-party credentials meet or exceed the set of minimum federal government-wide technical, security, privacy, and organizational maturity requirements. This allows federal government relying parties to trust such credentials at their approved assurance levels. Related control: AU-2. | link | 1
FedRAMP_Moderate_R4 | IA-8(2) | FedRAMP_Moderate_R4_IA-8(2) | FedRAMP Moderate IA-8 (2) | Identification And Authentication | Acceptance Of Third-Party Credentials | Shared | n/a | The information system accepts only FICAM-approved third-party credentials. Supplemental Guidance: This control enhancement typically applies to organizational information systems that are accessible to the general public, for example, public-facing websites. Third-party credentials are those credentials issued by nonfederal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Approved third-party credentials meet or exceed the set of minimum federal government-wide technical, security, privacy, and organizational maturity requirements. This allows federal government relying parties to trust such credentials at their approved assurance levels. Related control: AU-2. | link | 1
hipaa | 1122.01q1System.1-01.q | hipaa-1122.01q1System.1-01.q | 1122.01q1System.1-01.q | 11 Access Control | 1122.01q1System.1-01.q 01.05 Operating System Access Control | Shared | n/a | Unique IDs that can be used to trace activities to the responsible individual are required for all types of organizational and non-organizational users. | | 7
hipaa | 1424.05j2Organizational.5-05.j | hipaa-1424.05j2Organizational.5-05.j | 1424.05j2Organizational.5-05.j | 14 Third Party Assurance | 1424.05j2Organizational.5-05.j 05.02 External Parties | Shared | n/a | The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information. | | 8
NIST_SP_800-53_R4 | IA-8(2) | NIST_SP_800-53_R4_IA-8(2) | NIST SP 800-53 Rev. 4 IA-8 (2) | Identification And Authentication | Acceptance Of Third-Party Credentials | Shared | n/a | The information system accepts only FICAM-approved third-party credentials. Supplemental Guidance: This control enhancement typically applies to organizational information systems that are accessible to the general public, for example, public-facing websites. Third-party credentials are those credentials issued by nonfederal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Approved third-party credentials meet or exceed the set of minimum federal government-wide technical, security, privacy, and organizational maturity requirements. This allows federal government relying parties to trust such credentials at their approved assurance levels. Related control: AU-2. | link | 1
NIST_SP_800-53_R5 | IA-8(2) | NIST_SP_800-53_R5_IA-8(2) | NIST SP 800-53 Rev. 5 IA-8 (2) | Identification and Authentication | Acceptance of External Authenticators | Shared | n/a | (a) Accept only external authenticators that are NIST-compliant; and (b) Document and maintain a list of accepted external authenticators. | link | 1
Initiatives usage
Initiative DisplayName | Initiative Id | Initiative Category | State | Type
FedRAMP High | d5264498-16f4-418a-b659-fa7ef418175f | Regulatory Compliance | GA | BuiltIn
FedRAMP Moderate | e95f5a9f-57ad-4d03-bb0b-b1d16db93693 | Regulatory Compliance | GA | BuiltIn
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 4 | cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f | Regulatory Compliance | GA | BuiltIn
NIST SP 800-53 Rev. 5 | 179d1daa-458f-4e47-8086-2a68d0d6c38f | Regulatory Compliance | GA | BuiltIn
History
Date/Time (UTC ymd) | Change type | Change detail
2022-09-27 16:35:32 | change | Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 | add | 2d2ca910-7957-23ee-2945-33f401606efc