IA-8(3): Use Of Ficam-Approved Products

CSF v1.1 References:

Threats Addressed:


  • Low
  • Moderate
  • High
Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: IA-8(2): Acceptance of External Authenticators.

Control Statement

The organization employs only FICAM-approved information system components in [Assignment: organization-defined information systems] to accept third-party credentials.

Supplemental Guidance

This control enhancement typically applies to information systems that are accessible to the general public, for example, public-facing websites. FICAM-approved information system components include, for example, information technology products and software libraries that have been approved by the Federal Identity, Credential, and Access Management conformance program.