Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
FedRAMP_High_R4 |
IA-8(3) |
FedRAMP_High_R4_IA-8(3) |
FedRAMP High IA-8 (3) |
Identification And Authentication |
Use Of Ficam-Approved Products |
Shared |
n/a |
The organization employs only FICAM-approved information system components in [Assignment:
organization-defined information systems] to accept third-party credentials.
Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. |
link |
1 |
FedRAMP_Moderate_R4 |
IA-8(3) |
FedRAMP_Moderate_R4_IA-8(3) |
FedRAMP Moderate IA-8 (3) |
Identification And Authentication |
Use Of Ficam-Approved Products |
Shared |
n/a |
The organization employs only FICAM-approved information system components in [Assignment:
organization-defined information systems] to accept third-party credentials.
Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. |
link |
1 |
hipaa |
1122.01q1System.1-01.q |
hipaa-1122.01q1System.1-01.q |
1122.01q1System.1-01.q |
11 Access Control |
1122.01q1System.1-01.q 01.05 Operating System Access Control |
Shared |
n/a |
Unique IDs that can be used to trace activities to the responsible individual are required for all types of organizational and non-organizational users. |
|
7 |
hipaa |
1424.05j2Organizational.5-05.j |
hipaa-1424.05j2Organizational.5-05.j |
1424.05j2Organizational.5-05.j |
14 Third Party Assurance |
1424.05j2Organizational.5-05.j 05.02 External Parties |
Shared |
n/a |
The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information. |
|
8 |
NIST_SP_800-53_R4 |
IA-8(3) |
NIST_SP_800-53_R4_IA-8(3) |
NIST SP 800-53 Rev. 4 IA-8 (3) |
Identification And Authentication |
Use Of Ficam-Approved Products |
Shared |
n/a |
The organization employs only FICAM-approved information system components in [Assignment:
organization-defined information systems] to accept third-party credentials.
Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. |
link |
1 |