last sync: 2023-Jun-02 17:44:47 UTC

Azure Policy definition

Employ FICAM-approved resources to accept third-party credentials

Name Employ FICAM-approved resources to accept third-party credentials
Azure Portal
Id db8b35d6-8adb-3f51-44ff-c648ab5b1530
Version 1.1.0
details on versioning
Category Regulatory Compliance
Microsoft docs
Description CMA_C1349 - Employ FICAM-approved resources to accept third-party credentials
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default
Manual
Allowed
Manual, Disabled
RBAC
Role(s)
none
Rule
Aliases
Rule
ResourceTypes
IF (1)
Microsoft.Resources/subscriptions
Compliance The following 5 compliance controls are associated with this Policy definition 'Employ FICAM-approved resources to accept third-party credentials' (db8b35d6-8adb-3f51-44ff-c648ab5b1530)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IA-8(3) FedRAMP_High_R4_IA-8(3) FedRAMP High IA-8 (3) Identification And Authentication Use Of Ficam-Approved Products Shared n/a The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. link 1
FedRAMP_Moderate_R4 IA-8(3) FedRAMP_Moderate_R4_IA-8(3) FedRAMP Moderate IA-8 (3) Identification And Authentication Use Of Ficam-Approved Products Shared n/a The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. link 1
hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 11 Access Control 1122.01q1System.1-01.q 01.05 Operating System Access Control Shared n/a Unique IDs that can be used to trace activities to the responsible individual are required for all types of organizational and non-organizational users. 7
hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 14 Third Party Assurance 1424.05j2Organizational.5-05.j 05.02 External Parties Shared n/a The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information. 8
NIST_SP_800-53_R4 IA-8(3) NIST_SP_800-53_R4_IA-8(3) NIST SP 800-53 Rev. 4 IA-8 (3) Identification And Authentication Use Of Ficam-Approved Products Shared n/a The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. link 1
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add db8b35d6-8adb-3f51-44ff-c648ab5b1530
Initiatives
usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
JSON