Question AAAI-01
Does your solution support single sign-on (SSO) protocols for user and administrator authentication?
Weight | 25 |
High Risk | Yes |
Required | Yes |
Compliant Answer | 1 |
Standard Guidance
Answer "Yes" only if user AND administrator authentication is supported. If partially supported, answer "No." Ensure you respond to any guidance in the Additional Information column.
Answering "NO"
Describe plans to support strong authentication practices.
Answering "YES"
Describe how strong authentication is enforced (e.g., complex passwords, multifactor tokens, certificates, biometrics, aging requirements, re-use policy).
Reason for Question
This question is to set account management expectations for the institution. A system that can integrate with existing, vetted solutions has its advantages and may have less administrative overhead. Also, adherence to standards here gives credit to other standards-oriented questions/responses.
Follow-Up Inquiries
Follow-up inquiries for IAM requirements will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]