Commit 70fd1a8

Update fedramp-identification-and-authentication-controls.md
1 parent b84fdff commit 70fd1a8

1 file changed

+1
-1
lines changed

articles/active-directory/standards/fedramp-identification-and-authentication-controls.md

Lines changed: 1 addition & 1 deletion
@@ -59,7 +59,7 @@ Each row in the following table provides prescriptive guidance to help you devel
5959
| **IA-7 Cryptographic Module Authentication**<br>The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. | **Implement mechanisms for authentication to a cryptographic module that meets applicable federal laws.**<p>The FedRAMP High Impact level requires the AAL3 authenticator. All authenticators supported by Azure AD at AAL3 provide mechanisms to authenticate operator access to the module as required. For example, in a Windows Hello for Business deployment with hardware TPM, configure the level of TPM owner authorization.<p> Resources<br><li>For more information, see IA-02 (2 and 4).<br> <li>[Achieving NIST authenticator assurance levels with the Microsoft identity platform](nist-overview.md) <br> <li>[TPM Group Policy settings](/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings) |
6060
| **IA-8 Identification and Authentication (Non-Organizational Users)**<br>The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users). | **The information system uniquely identifies and authenticates non-organizational users (or processes acting for non-organizational users).**<p>Azure AD uniquely identifies and authenticates non-organizational users homed in the organizations tenant or in external directories by using Federal Identity, Credential, and Access Management (FICAM)-approved protocols.<p>Resources<br><li>[What is B2B collaboration in Azure Active Directory?](../external-identities/what-is-b2b.md)<br> <li>[Direct federation with an identity provider for B2B](../external-identities/direct-federation.md)<br> <li>[Properties of a B2B guest user](../external-identities/user-properties.md) |
6161
| **IA-8(1)**<br>The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies.<br><br>**IA-8(4)**<br>The information system conforms to FICAM-issued profiles. | **Accept and verify PIV credentials issued by other federal agencies. Conform to the profiles issued by the FICAM.**<p>Configure Azure AD to accept PIV credentials via federation (OIDC, SAML) or locally via integrated Windows authentication.<p>Resources<br> <li>[What is federation with Azure AD?](../hybrid/whatis-fed.md)<br> <li>[Configure AD FS support for user certificate authentication](/windows-server/identity/ad-fs/operations/configure-user-certificate-authentication)<br><li>[What is B2B collaboration in Azure Active Directory?](../external-identities/what-is-b2b.md)<br> <li>[Direct federation with an identity provider for B2B](../external-identities/direct-federation.md) |
62-
| **IA-8(2)**<br>The information system accepts only FICAM-approved third-party credentials. | **Accept only FICAM-approved credentials.**<p>Azure AD supports authenticators at NIST AALs 1, 2, and 3. Restrict the use of authenticators commensurate with the security category of the system being accessed. <p>Azure AD supports a wide variety of authentication methods.<p>Resources<br> <li>[What authentication and verification methods are available in Azure Active Directory?](../authentication/concept-authentication-methods.md)<br> <li>[Azure AD authentication methods policy API overview](/graph/api/resources/authenticationmethodspolicies-overview)<br> <li>[Achieving NIST authenticator assurance levels with the Microsoft identity platform](https://azure.microsoft.com/resources/microsoft-nist/) |
62+
| **IA-8(2)**<br>The information system accepts only FICAM-approved third-party credentials. | **Accept only FICAM-approved credentials.**<p>Azure AD supports authenticators at NIST AALs 1, 2, and 3. Restrict the use of authenticators commensurate with the security category of the system being accessed. <p>Azure AD supports a wide variety of authentication methods.<p>Resources<br> <li>[What authentication and verification methods are available in Azure Active Directory?](../authentication/concept-authentication-methods.md)<br> <li>[Azure AD authentication methods policy API overview](/graph/api/resources/authenticationmethodspolicies-overview)<br> <li>[Achieving NIST authenticator assurance levels with the Microsoft identity platform](https://azure.microsoft.com/resources/microsoft-nist/) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|
6363

6464
## Next steps
6565
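Review bot: The only change to the IA-8(2) row is a long run of `&nbsp;` entities appended to the end of the last cell, before the closing `|`. This looks like padding to force the guidance column wider, which is fragile: it depends on the renderer and viewport, and it adds no content to the control guidance. Please drop the padding and, if the column width is a real problem, fix it through the table layout rather than the cell text. The commit message ("Update fedramp-identification-and-authentication-controls.md") should also say why the row was touched. While this row is open, note that its "Achieving NIST authenticator assurance levels with the Microsoft identity platform" link points to `https://azure.microsoft.com/resources/microsoft-nist/`, whereas the IA-7 row above links the same title to `nist-overview.md`; it would be worth making the two consistent.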
