The VMM must accept only external credentials that are NIST-compliant.

Description

<VulnDiscussion>Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B]. Approved external authenticators meet or exceed the minimum federal government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding federal requirements allows federal government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>