NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION

IA-8(3)Use of FICAM-approved Products

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

This enhancement was incorporated into IA-8(2). It previously required using FICAM-approved products for identity and access management of non-organizational users.

Example 1: Select your identity provider and MFA solutions from the FICAM-approved products list to ensure they meet federal interoperability requirements.

Example 2: Use Login.gov — a FICAM-approved service — as the authentication front end for public-facing federal applications.

More Identification and Authentication Controls

IA-1 Policy and Procedures IA-2 Identification and Authentication (Organizational Users) IA-2(1) Multi-factor Authentication to Privileged Accounts IA-2(2) Multi-factor Authentication to Non-privileged Accounts