| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| FedRAMP_High_R4 |
IA-8(4) |
FedRAMP_High_R4_IA-8(4) |
FedRAMP High IA-8 (4) |
Identification And Authentication |
Use Of Ficam-Issued Profiles |
Shared |
n/a |
The information system conforms to FICAM-issued profiles.
Supplemental Guidance: This control enhancement addresses open identity management standards. To ensure that these standards are viable, robust, reliable, sustainable (e.g., available in commercial information technology products), and interoperable as documented, the United States Government assesses and scopes identity management standards and technology implementations against applicable federal legislation, directives, policies, and requirements. The result is FICAM-issued implementation profiles of approved protocols (e.g., FICAM authentication protocols such as SAML 2.0 and OpenID 2.0, as well as other protocols such as the FICAM Backend Attribute Exchange). Related control: SA-4. |
link |
1 |
| FedRAMP_Moderate_R4 |
IA-8(4) |
FedRAMP_Moderate_R4_IA-8(4) |
FedRAMP Moderate IA-8 (4) |
Identification And Authentication |
Use Of Ficam-Issued Profiles |
Shared |
n/a |
The information system conforms to FICAM-issued profiles.
Supplemental Guidance: This control enhancement addresses open identity management standards. To ensure that these standards are viable, robust, reliable, sustainable (e.g., available in commercial information technology products), and interoperable as documented, the United States Government assesses and scopes identity management standards and technology implementations against applicable federal legislation, directives, policies, and requirements. The result is FICAM-issued implementation profiles of approved protocols (e.g., FICAM authentication protocols such as SAML 2.0 and OpenID 2.0, as well as other protocols such as the FICAM Backend Attribute Exchange). Related control: SA-4. |
link |
1 |
| hipaa |
1122.01q1System.1-01.q |
hipaa-1122.01q1System.1-01.q |
1122.01q1System.1-01.q |
11 Access Control |
1122.01q1System.1-01.q 01.05 Operating System Access Control |
Shared |
n/a |
Unique IDs that can be used to trace activities to the responsible individual are required for all types of organizational and non-organizational users. |
|
7 |
| hipaa |
1424.05j2Organizational.5-05.j |
hipaa-1424.05j2Organizational.5-05.j |
1424.05j2Organizational.5-05.j |
14 Third Party Assurance |
1424.05j2Organizational.5-05.j 05.02 External Parties |
Shared |
n/a |
The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information. |
|
8 |
| NIST_SP_800-53_R4 |
IA-8(4) |
NIST_SP_800-53_R4_IA-8(4) |
NIST SP 800-53 Rev. 4 IA-8 (4) |
Identification And Authentication |
Use Of Ficam-Issued Profiles |
Shared |
n/a |
The information system conforms to FICAM-issued profiles.
Supplemental Guidance: This control enhancement addresses open identity management standards. To ensure that these standards are viable, robust, reliable, sustainable (e.g., available in commercial information technology products), and interoperable as documented, the United States Government assesses and scopes identity management standards and technology implementations against applicable federal legislation, directives, policies, and requirements. The result is FICAM-issued implementation profiles of approved protocols (e.g., FICAM authentication protocols such as SAML 2.0 and OpenID 2.0, as well as other protocols such as the FICAM Backend Attribute Exchange). Related control: SA-4. |
link |
1 |
| NIST_SP_800-53_R5 |
IA-8(4) |
NIST_SP_800-53_R5_IA-8(4) |
NIST SP 800-53 Rev. 5 IA-8 (4) |
Identification and Authentication |
Use of Defined Profiles |
Shared |
n/a |
Conform to the following profiles for identity management [Assignment: organization-defined identity management profiles]. |
link |
1 |