Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000405
The application must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles.
The application must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles.
An XCCDF Rule
Details
Profiles
Prose
The application must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles.
Medium Severity
<VulnDiscussion>FICAM establishes a federated identity framework for the federal government. FICAM provides government-wide services for common Identity, Credential, and Access Management (ICAM) requirements. The FICAM Trust Framework Solutions (TFS) is the federated identity framework for the U.S. federal government. The TFS is a process by which Industry Trust Frameworks (The codification of requirements for credentials and their issuance, privacy and security requirements, as well as auditing qualifications and processes) are evaluated and assessed for potential use by the government. This requirement only applies to applications that are intended to be accessible to nonfederal government agencies and other partners or nonorganizational (non-DOD) users. Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0, OpenID 2.0 or other protocols such as the FICAM backend Attribute Exchange. This requirement addresses open identity management standards. More information regarding these standards is available here: info.idmanagement.gov/2012/10/what-are-ficam-technical-profiles-and.html</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>