Title

Compliance Guardian must conform to FICAM-issued profiles. (Cat II impact)

Discussion

Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0. This requirement addresses open identity management standards.

Check Content

Note: This requirement is Not Applicable is ADFS is not being utilized. Check the Compliance Guardian configuration option for ADFS Integration. - Log on to Compliance Guardian with admin account. - On the Control Panel page in the General Security section, click "Authentication Manager". - Verify that the ADFS Integration option is enabled. If the ADFS Integration is not enabled, this is a finding.

Fix Text

Configure Compliance Guardian to use ADFS Integration. - Log on to Compliance Guardian with admin account. - On the Control Panel page in the General Security section, click "Authentication Manager". - Click "ADFS Integration" to open ADFS Integration Configuration Wizard page and complete the configuration. - Click "Enable" link of the "ADFS Integration" row to enable ADFS Integration. - Back to the Control Panel page in the Account section, click "Users". - Navigate to "Add User" page. - Select "ADFS Claim" from the drop-down list in the "User Type" field. - Select the Claim Name and input the Claim Value in the "How Would You Like To Retrieve User Information" field. - Save the settings.

Additional Identifiers

Rule ID: SV-256847r890151_rule

Vulnerability ID: V-256847

Group Title: SRG-APP-000405

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.