last sync: 2024-Jun-24 18:15:26 UTC

Employ FICAM-approved resources to accept third-party credentials | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Employ FICAM-approved resources to accept third-party credentials
Id db8b35d6-8adb-3f51-44ff-c648ab5b1530
Version 1.1.0
Details on versioning
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1349 - Employ FICAM-approved resources to accept third-party credentials
Additional metadata Name/Id: CMA_C1349 / CMA_C1349
Category: Operational
Title: Employ FICAM-approved resources to accept third-party credentials
Ownership: Customer
Description: The customer is responsible for employing only Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative approved resources for accepting third-party credentials. Note: if the customer's deployed resources do not allow third-party credentials this control is not applicable.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Employ FICAM-approved resources to accept third-party credentials' (db8b35d6-8adb-3f51-44ff-c648ab5b1530)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IA-8(3) FedRAMP_High_R4_IA-8(3) FedRAMP High IA-8 (3) Identification And Authentication Use Of Ficam-Approved Products Shared n/a The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. link 1
FedRAMP_Moderate_R4 IA-8(3) FedRAMP_Moderate_R4_IA-8(3) FedRAMP Moderate IA-8 (3) Identification And Authentication Use Of Ficam-Approved Products Shared n/a The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. link 1
hipaa 1122.01q1System.1-01.q hipaa-1122.01q1System.1-01.q 1122.01q1System.1-01.q 11 Access Control 1122.01q1System.1-01.q 01.05 Operating System Access Control Shared n/a Unique IDs that can be used to trace activities to the responsible individual are required for all types of organizational and non-organizational users. 7
hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 14 Third Party Assurance 1424.05j2Organizational.5-05.j 05.02 External Parties Shared n/a The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information. 8
NIST_SP_800-53_R4 IA-8(3) NIST_SP_800-53_R4_IA-8(3) NIST SP 800-53 Rev. 4 IA-8 (3) Identification And Authentication Use Of Ficam-Approved Products Shared n/a The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add db8b35d6-8adb-3f51-44ff-c648ab5b1530
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC