Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The application server must accept FICAM-approved third-party credentials.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-57519 | SRG-APP-000404-AS-000249 | SV-71795r2_rule | Medium |
| Description |
|---|
| Access may be denied to legitimate users if FICAM-approved third-party credentials are not accepted. This requirement typically applies to organizational information systems that are accessible to non-federal government agencies and other partners. This allows federal government relying parties to trust such credentials at their approved assurance levels. Third-party credentials are those credentials issued by non-federal government entities approved by the Federal Identity, Credential, and Access Management (FICAM) Trust Framework Solutions initiative. |
| STIG | Date |
|---|---|
| Application Server Security Requirements Guide | 2019-01-07 |
Details
| Check Text ( C-58227r1_chk ) |
|---|
| Review the application server documentation and configuration to determine if the application server accepts FICAM-approved third-party credentials. If the application server does not accept FICAM-approved third-party credentials, this is a finding. |
| Fix Text (F-62587r1_fix) |
|---|
| Configure the application server to accept FICAM-approved third-party credentials. |