Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000404
The application must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.
The application must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.
An XCCDF Rule
Details
Profiles
Prose
The application must accept Federal Identity, Credential, and Access Management (FICAM)-approved third-party credentials.
Medium Severity
<VulnDiscussion>FICAM establishes a federated identity framework for the federal government. FICAM provides government-wide services for common Identity, Credential and Access Management (ICAM) requirements. The FICAM Trust Framework Solutions (TFS) is the federated identity framework for the U.S. federal government. The TFS is a process by which Industry Trust Frameworks (The codification of requirements for credentials and their issuance, privacy and security requirements, as well as auditing qualifications and processes) are evaluated and assessed for potential use by the government. A Trust Framework that is comparable to federal standards is adopted through this process, which allows federal government Relying Parties (Federal Government websites or RP's) to trust Credential Service Providers (a.k.a. Identity Providers) that have been assessed under that particular trust framework. This allows federal government relying parties to trust such credentials at their approved assurance levels. This requirement only applies to applications that are intended to be accessible to nonfederal government agencies and other partners through FICAM. Third-party credentials are those credentials issued by nonfederal government entities approved by the FICAM TFS initiative.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>