last sync: 2024-Jun-13 18:14:14 UTC

Conform to FICAM-issued profiles | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Conform to FICAM-issued profiles
Id a8df9c78-4044-98be-2c05-31a315ac8957
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1350 - Conform to FICAM-issued profiles
Additional metadata Name/Id: CMA_C1350 / CMA_C1350
Category: Operational
Title: Conform to FICAM-issued profiles
Ownership: Customer
Description: The customer is responsible for conforming to the profiles issued by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. Note: if the customer's deployed resources do not allow third-party credentials this control is not applicable.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 6 compliance controls are associated with this Policy definition 'Conform to FICAM-issued profiles' (a8df9c78-4044-98be-2c05-31a315ac8957)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IA-8(4) FedRAMP_High_R4_IA-8(4) FedRAMP High IA-8 (4) Identification And Authentication Use Of Ficam-Issued Profiles Shared n/a The information system conforms to FICAM-issued profiles. Supplemental Guidance: This control enhancement addresses open identity management standards. To ensure that these standards are viable, robust, reliable, sustainable (e.g., available in commercial information technology products), and interoperable as documented, the United States Government assesses and scopes identity management standards and technology implementations against applicable federal legislation, directives, policies, and requirements. The result is FICAM-issued implementation profiles of approved protocols (e.g., FICAM authentication protocols such as SAML 2.0 and OpenID 2.0, as well as other protocols such as the FICAM Backend Attribute Exchange). Related control: SA-4. link 1
FedRAMP_Moderate_R4 IA-8(4) FedRAMP_Moderate_R4_IA-8(4) FedRAMP Moderate IA-8 (4) Identification And Authentication Use Of Ficam-Issued Profiles Shared n/a The information system conforms to FICAM-issued profiles. Supplemental Guidance: This control enhancement addresses open identity management standards. To ensure that these standards are viable, robust, reliable, sustainable (e.g., available in commercial information technology products), and interoperable as documented, the United States Government assesses and scopes identity management standards and technology implementations against applicable federal legislation, directives, policies, and requirements. The result is FICAM-issued implementation profiles of approved protocols (e.g., FICAM authentication protocols such as SAML 2.0 and OpenID 2.0, as well as other protocols such as the FICAM Backend Attribute Exchange). Related control: SA-4. link 1
hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 11 Access Control 1122.01q1System.1-01.q 01.05 Operating System Access Control Shared n/a Unique IDs that can be used to trace activities to the responsible individual are required for all types of organizational and non-organizational users. 7
hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 14 Third Party Assurance 1424.05j2Organizational.5-05.j 05.02 External Parties Shared n/a The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information. 8
NIST_SP_800-53_R4 IA-8(4) NIST_SP_800-53_R4_IA-8(4) NIST SP 800-53 Rev. 4 IA-8 (4) Identification And Authentication Use Of Ficam-Issued Profiles Shared n/a The information system conforms to FICAM-issued profiles. Supplemental Guidance: This control enhancement addresses open identity management standards. To ensure that these standards are viable, robust, reliable, sustainable (e.g., available in commercial information technology products), and interoperable as documented, the United States Government assesses and scopes identity management standards and technology implementations against applicable federal legislation, directives, policies, and requirements. The result is FICAM-issued implementation profiles of approved protocols (e.g., FICAM authentication protocols such as SAML 2.0 and OpenID 2.0, as well as other protocols such as the FICAM Backend Attribute Exchange). Related control: SA-4. link 1
NIST_SP_800-53_R5 IA-8(4) NIST_SP_800-53_R5_IA-8(4) NIST SP 800-53 Rev. 5 IA-8 (4) Identification and Authentication Use of Defined Profiles Shared n/a Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add a8df9c78-4044-98be-2c05-31a315ac8957
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC