AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

Employ FICAM-approved resources to accept third-party credentials | Regulatory Compliance - Operational

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

Employ FICAM-approved resources to accept third-party credentials

db8b35d6-8adb-3f51-44ff-c648ab5b1530

Version

1.1.0
Details on versioning

Versioning

Versions supported for Versioning: 1
1.1.0
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

CMA_C1349 - Employ FICAM-approved resources to accept third-party credentials

Additional metadata

Name/Id: CMA_C1349 / CMA_C1349
Category: Operational
Title: Employ FICAM-approved resources to accept third-party credentials
Ownership: Customer
Description: The customer is responsible for employing only Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative approved resources for accepting third-party credentials. Note: if the customer's deployed resources do not allow third-party credentials this control is not applicable.
Requirements: The customer is responsible for implementing this recommendation.

Mode

All

Type

BuiltIn

Preview

False

Deprecated

False

Effect

Default
Manual
Allowed
Manual, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)
Microsoft.Resources/subscriptions

Compliance

The following 5 compliance controls are associated with this Policy definition 'Employ FICAM-approved resources to accept third-party credentials' (db8b35d6-8adb-3f51-44ff-c648ab5b1530)

Control Domain	Control	Name	MetadataId	Category	Title	Owner	Requirements	Description	Info	Policy#
FedRAMP_High_R4	IA-8(3)	FedRAMP_High_R4_IA-8(3)	FedRAMP High IA-8 (3)	Identification And Authentication	Use Of Ficam-Approved Products	Shared	n/a	The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4.	link	1
FedRAMP_Moderate_R4	IA-8(3)	FedRAMP_Moderate_R4_IA-8(3)	FedRAMP Moderate IA-8 (3)	Identification And Authentication	Use Of Ficam-Approved Products	Shared	n/a	The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4.	link	1
hipaa	1122.01q1System.1-01.q	hipaa-1122.01q1System.1-01.q	1122.01q1System.1-01.q	11 Access Control	1122.01q1System.1-01.q 01.05 Operating System Access Control	Shared	n/a	Unique IDs that can be used to trace activities to the responsible individual are required for all types of organizational and non-organizational users.		7
hipaa	1424.05j2Organizational.5-05.j	hipaa-1424.05j2Organizational.5-05.j	1424.05j2Organizational.5-05.j	14 Third Party Assurance	1424.05j2Organizational.5-05.j 05.02 External Parties	Shared	n/a	The organization has a formal mechanism to authenticate the customer's identity prior to granting access to covered information.		8
NIST_SP_800-53_R4	IA-8(3)	NIST_SP_800-53_R4_IA-8(3)	NIST SP 800-53 Rev. 4 IA-8 (3)	Identification And Authentication	Use Of Ficam-Approved Products	Shared	n/a	The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials. Supplemental Guidance: This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program. Related control: SA-4.	link	1

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
FedRAMP High	d5264498-16f4-418a-b659-fa7ef418175f	Regulatory Compliance	GA	BuiltIn
FedRAMP Moderate	e95f5a9f-57ad-4d03-bb0b-b1d16db93693	Regulatory Compliance	GA	BuiltIn
HITRUST/HIPAA	a169a624-5599-4385-a696-c8d643089fab	Regulatory Compliance	GA	BuiltIn
NIST SP 800-53 Rev. 4	cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f	Regulatory Compliance	GA	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2022-09-27 16:35:32	change	Minor (1.0.0 > 1.1.0)
2022-09-19 17:41:40	add	db8b35d6-8adb-3f51-44ff-c648ab5b1530

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC