The application server must conform to Federal Identity, Credential, and Access Management (FICAM)-issued profiles.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-204809	SRG-APP-000405-AS-000250	SV-204809r981696_rule		Medium

Description

Without conforming to FICAM-issued profiles, the information system may not be interoperable with FICAM-authentication protocols, such as SAML 2.0 and OpenID 2.0. This requirement addresses open identity management standards.

STIG	Date
Application Server Security Requirements Guide	2025-02-11

Details

Check Text (C-4929r283068_chk)

Review the application server documentation and configuration to determine if the application server conforms to FICAM-issued profiles.

If the application server does not conform to FICAM-issued profiles, this is a finding.

Fix Text (F-4929r283069_fix)

Configure the application server to conform to FICAM-issued profiles.