UNCLASSIFIED - NO CUI

oscal-component.yaml 60.1 KiB
        description: Keycloak event logs include Time, Event Type, Details (Client,
          User, IP Address). Events are shipped to logging.
      - uuid: ab565bfa-78a5-43e6-98cc-ba801a16b980
        control-id: au-4
        description: Keycloak events can be both saved to database and shipped to
          logging server. Both systems are external to Keycloak's application server.
      - uuid: 24b14c71-b4bd-402f-aba6-80056e1b6fec
        control-id: au-7
        description: Keycloak provides audit records for compliance that qualify for
          this control.
      - uuid: e528b2ec-6895-432d-acf1-b33e0f8455f5
        control-id: au-7.1
        description: Within Keycloak records, sorting and searching are supported.
      - uuid: ed7026d7-4257-44e6-919c-73e5f8a86be5
        control-id: au-8
        description: Keycloak saves timestamps in event logs
      - uuid: 92b5e2c1-cb7c-4f38-ba5b-22b617b15020
        control-id: au-9
        description: Keycloak provides RBAC to restrict management of logs.
      - uuid: 71c0d1c7-f9a5-4439-829b-8976749481eb
        control-id: au-9.4
        description: Keycloak provides RBAC to restrict management of logs.
      - uuid: 0b7b466e-e33c-4fa0-8979-a82da5fadc32
        control-id: ia-2
        description: Keycloak supports control through its IAM/SSO service.
      - uuid: ff98831e-de87-4f0d-b42f-3af08a6caff6
        control-id: ia-2.1
        description: Keycloak supports MFA using mobile and x509 mTLS for both privileged
          and non-privileged account management.
      - uuid: e0fbd222-d6ae-4729-a262-7c795dd6a628
        control-id: ia-2.2
        description: Keycloak supports MFA using mobile and x509 mTLS for both privileged
          and non-privileged account management.
      - uuid: 441d2bbd-b7ee-46e9-8110-f0fda67a2c90
        control-id: ia-2.5
        description: Keycloak provides built-in functionality to support control.
      - uuid: 5c163729-a954-43ca-a035-6040b0526ccd
        control-id: ia-2.12
        description: Keycloak supports PIV credentials
      - uuid: 084779e8-542d-4def-936b-69fd1fb7f266
        control-id: ia-3
        description: Keycloak provides built-in functionality to support control.
      - uuid: 7a4c2837-a205-4b9c-b850-a8afec580275
        control-id: ia-4
        description: Keycloak provides built-in functionality to support control.
      - uuid: ce397926-ec86-491c-82f6-db7e2e164a0d
        control-id: ia-4.4
        description: Keycloak provides built-in functionality to support control.
      - uuid: 7cee87f8-165f-4631-96f5-b2876df0e88a
        control-id: ia-5.1
        description: Keycloak provides password-policies to support control. https://github.com/keycloak/keycloak-documentation/blob/main/server_admin/topics/authentication/password-policies.adoc
      - uuid: 56d5209f-e279-4f67-b6e9-9a814695dda9
        control-id: ia-5.2
        description: Keycloak supports OCSP checking, and truststore/chain validation
          for x509 PKI access.
      - uuid: 8d858e85-710e-46aa-b6fd-98013480c2b6
        control-id: ia-8.1
        description: Keycloak supports authenticating non-organizational users through
          supporting mTLS signed by external certificate authorities.
      - uuid: c2976939-842a-4efc-afd3-11dc9892fb86
        control-id: ia-11
        description: Keycloak supports OIDC/SAML which support expiration dates in
          tokens/assertions.
  back-matter:
    resources:
    - uuid: C322D234-BD2A-4332-B8A9-54D45E7148B8
      title: Big Bang
      rlinks:
      - href: https://repo1.dso.mil/big-bang/bigbang