CCI-002013

The organization employs only FICAM-approved information system components in organization-defined information systems to accept third-party credentials.

Implementation Guidance

The organization being inspected/assessed employs only Federal Identity, Credential, and Access Management (FICAM)-approved information system components to accept third-party credentials in information systems defined in IA-8 (3), CCI 2012. FICAM Guidance is available at http://www.idmanagement.gov.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the list of information system components in use to ensure the organization being inspected/assessed uses only FICAM-approved components in information systems defined in IA-8 (3), CCI 2012.

Compelling Evidence

1.) Signed and dated SOP/TTP documentation that the organization employs only Federal Identity, Credential, and Access Management (FICAM)-approved information system components to accept third-party credentials in information systems defined in IA-8 (3), CCI 2012.

The controls below (if any) were marked by NIST as being related to CCI-002013.