AzPolicyAdvertizer

last sync: 2024-Sep-18 17:50:24 UTC

Accept PIV credentials | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source Azure Portal
Display name Accept PIV credentials
Id 55be3260-a7a2-3c06-7fe6-072d07525ab7
Version 1.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]
Category Regulatory Compliance
Microsoft Learn
Description CMA_C1347 - Accept PIV credentials
Additional metadata Name/Id: CMA_C1347 / CMA_C1347
Category: Operational
Title: Accept PIV credentials
Ownership: Customer
Description: The customer is responsible for accepting and verifying Personal Identity Verification (PIV) credentials issued by other federal agencies. Note: if the customer does not deploy PIV credentials this control is not applicable.
Requirements: The customer is responsible for implementing this recommendation.
Mode All
Type BuiltIn
Preview False
Deprecated False
Effect Default
Manual
Allowed
Manual, Disabled
RBAC role(s) none
Rule aliases none
Rule resource types IF (1)
Microsoft.Resources/subscriptions
Compliance
The following 5 compliance controls are associated with this Policy definition 'Accept PIV credentials' (55be3260-a7a2-3c06-7fe6-072d07525ab7)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
FedRAMP_High_R4 IA-8(1) FedRAMP_High_R4_IA-8(1) FedRAMP High IA-8 (1) Identification And Authentication Acceptance Of Piv Credentials From Other Agencies Shared n/a The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies. Supplemental Guidance: This control enhancement applies to logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials. Related controls: AU-2, PE-3, SA-4. link 1
FedRAMP_Moderate_R4 IA-8(1) FedRAMP_Moderate_R4_IA-8(1) FedRAMP Moderate IA-8 (1) Identification And Authentication Acceptance Of Piv Credentials From Other Agencies Shared n/a The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies. Supplemental Guidance: This control enhancement applies to logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials. Related controls: AU-2, PE-3, SA-4. link 1
hipaa 1424.05j2Organizational.5-05.j hipaa-1424.05j2Organizational.5-05.j 1424.05j2Organizational.5-05.j 14 Third Party Assurance 1424.05j2Organizational.5-05.j 05.02 External Parties Shared n/a The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information. 8
NIST_SP_800-53_R4 IA-8(1) NIST_SP_800-53_R4_IA-8(1) NIST SP 800-53 Rev. 4 IA-8 (1) Identification And Authentication Acceptance Of Piv Credentials From Other Agencies Shared n/a The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies. Supplemental Guidance: This control enhancement applies to logical access control systems (LACS) and physical access control systems (PACS). Personal Identity Verification (PIV) credentials are those credentials issued by federal agencies that conform to FIPS Publication 201 and supporting guidance documents. OMB Memorandum 11-11 requires federal agencies to continue implementing the requirements specified in HSPD-12 to enable agency-wide use of PIV credentials. Related controls: AU-2, PE-3, SA-4. link 1
NIST_SP_800-53_R5 IA-8(1) NIST_SP_800-53_R5_IA-8(1) NIST SP 800-53 Rev. 5 IA-8 (1) Identification and Authentication Acceptance of PIV Credentials from Other Agencies Shared n/a Accept and electronically verify Personal Identity Verification-compliant credentials from other federal agencies. link 1
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA BuiltIn
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693 Regulatory Compliance GA BuiltIn
HITRUST/HIPAA a169a624-5599-4385-a696-c8d643089fab Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f Regulatory Compliance GA BuiltIn
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2022-09-27 16:35:32 change Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40 add 55be3260-a7a2-3c06-7fe6-072d07525ab7
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC