The VMM must accept only external credentials that are NIST-compliant.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-264322	SRG-OS-000745	SRG-OS-000745-VMM-000210	SV-264322r984281_rule	2024-12-06	2

Description
Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B]. Approved external authenticators meet or exceed the minimum federal government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding federal requirements allows federal government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.

Description

Acceptance of only NIST-compliant external authenticators applies to organizational systems that are accessible to the public (e.g., public-facing websites). External authenticators are issued by nonfederal government entities and are compliant with [SP 800-63B]. Approved external authenticators meet or exceed the minimum federal government-wide technical, security, privacy, and organizational maturity requirements. Meeting or exceeding federal requirements allows federal government relying parties to trust external authenticators in connection with an authentication transaction at a specified authenticator assurance level.

ℹ️ Check
Verify the VMM is configured to accept only external credentials that are NIST-compliant. If the VMM is not configured to accept only external credentials that are NIST-compliant, this is a finding.

✔️ Fix
Configure the VMM to accept only external credentials that are NIST-compliant.