The application server must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-204808 | SRG-APP-000404-AS-000249 | SV-204808r981695_rule | CCI-004083 | medium |
| Description | ||||
| Access may be denied to legitimate users if FICAM-approved third-party credentials are not accepted. This requirement typically applies to organizational information systems that are accessible to non-federal government agencies and other partners. This allows federal government relying parties to trust such credentials at their approved assurance levels. Third-party credentials are those credentials issued by nonfederal government entities approved by the FICAM Trust Framework Solutions initiative. | ||||
| STIG | Date | |||
| Application Server Security Requirements Guide | 2025-02-11 | |||
Details
Check Text (C-204808r981695_chk)
Review the application server documentation and configuration to determine if the application server accepts FICAM-approved third-party credentials.
If the application server does not accept FICAM-approved third-party credentials, this is a finding.
Fix Text (F-4928r283066_fix)
Configure the application server to accept FICAM-approved third-party credentials.