CCI-001943

The organization defines the information system accounts for which single sign-on capability will be provided.

Implementation Guidance

The organization being inspected/assessed defines and documents any accounts for which a single sign-on capability is provided. For single sign-on providers (creator/maintainer of the single sign-on user accounts) this will be a list of accounts or groups that are authorized to use single sign-on capability. For single sign-on services this will be a per provider list of accounts or groups authorized to use the service. DoD has determined the system services are not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented list of system accounts to ensure the organization being inspected/assessed defines any accounts for which a single sign-on capability is provided. DoD has determined the system services are not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Policy to define which systems have single sign-on capability 2.) List of system accounts or groups that are authorized to use single sign-on capability

The controls below (if any) were marked by NIST as being related to CCI-001943.