Compliance Guardian must conform to FICAM-issued profiles.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-256847 | SRG-APP-000405 | APCG-00-000040 | SV-256847r890151_rule | 2023-02-21 | 1 |
| Description |
|---|
| Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0. This requirement addresses open identity management standards. |
| ℹ️ Check |
|---|
| Note: This requirement is Not Applicable is ADFS is not being utilized. Check the Compliance Guardian configuration option for ADFS Integration. - Log on to Compliance Guardian with admin account. - On the Control Panel page in the General Security section, click "Authentication Manager". - Verify that the ADFS Integration option is enabled. If the ADFS Integration is not enabled, this is a finding. |
| ✔️ Fix |
|---|
| Configure Compliance Guardian to use ADFS Integration. - Log on to Compliance Guardian with admin account. - On the Control Panel page in the General Security section, click "Authentication Manager". - Click "ADFS Integration" to open ADFS Integration Configuration Wizard page and complete the configuration. - Click "Enable" link of the "ADFS Integration" row to enable ADFS Integration. - Back to the Control Panel page in the Account section, click "Users". - Navigate to "Add User" page. - Select "ADFS Claim" from the drop-down list in the "User Type" field. - Select the Claim Name and input the Claim Value in the "How Would You Like To Retrieve User Information" field. - Save the settings. |