Free DISA STIG and SRG Library | Vaulted

V-57519

The application server must accept FICAM-approved third-party credentials.

Finding ID
SRG-APP-000404-AS-000249
Rule ID
SV-71795r2_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-APP-000404-AS-000249
CCI
CCI-002011
Target Key
(None)
Documentable
No
Discussion

Access may be denied to legitimate users if FICAM-approved third-party credentials are not accepted. This requirement typically applies to organizational information systems that are accessible to non-federal government agencies and other partners. This allows federal government relying parties to trust such credentials at their approved assurance levels. Third-party credentials are those credentials issued by non-federal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative.

Fix Text

Configure the application server to accept FICAM-approved third-party credentials.

Check Content

Review the application server documentation and configuration to determine if the application server accepts FICAM-approved third-party credentials. If the application server does not accept FICAM-approved third-party credentials, this is a finding.