https://wiki.idesg.org/index.php?action=history&feed=atom&title=Secure_Req_5Secure Req 5 - Revision history2026-05-01T09:43:23ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=Secure_Req_5&diff=6637&oldid=prevOmaerz: 9 revisions imported: Initial Upload of old pages from IDESG Wiki2018-06-28T04:03:36Z<p>9 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<p><b>New page</b></p><div>''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''<br />
<br />
== SECURE-5. CREDENTIAL ISSUANCE ==<br />
Entities that issue or manage credentials and tokens MUST do so in a manner designed to assure that<br />
they are granted to the appropriate and intended [[IDEF Glossary USERS|USER]](s) only. Where registration and credential<br />
issuance are executed by separate entities, procedures for ensuring accurate exchange of registration<br />
and issuance information that are commensurate with the stated assurance level MUST be included<br />
in business agreements and operating policies.<br />
<br />
=== SUPPLEMENTAL GUIDANCE ===<br />
Procedures exist to ensure the user(s) who receives the credential and associated tokens is the same<br />
user(s) who participated in registration. These can include: <br />
* The use of secure transport for credential and token data (see SECURE-2 (DATA INTEGRITY)); <br />
* Out-of-band distribution of credentials or tokens;<br />
* In-person issuance of credentials or tokens.<br />
<br />
Attribute verification (i.e., identity proofing) done during registration must be robust enough to<br />
provide sufficient confidence in the identity to support the intended use(s) of the credential.<br />
Subsequent attribute verification (i.e., proofing) must be executed in a manner consistent with<br />
intended use of the attributes.<br />
<br />
=== REFERENCES ===<br />
FICAM TFPAP Trust Criteria, Registration and Issuance, LOA 2-3, #4 (p.21, 37)<br />
<br />
=== APPLIES TO ACTIVITIES ===<br />
[[IDEF Functional Model CREDENTIALING|CREDENTIALING]]<br />
<br />
=== KEYWORDS ===<br />
[[IDEF Keywords CREDENTIAL|CREDENTIAL]], [[IDEF Keywords DATA-INTEGRITY|DATA-INTEGRITY]], [[IDEF Keywords PROCESS|PROCESS]], [[IDEF Keywords PROVISIONING|PROVISIONING]], [[IDEF Keywords SECURITY|SECURITY]], [[IDEF Keywords TOKEN|TOKEN]]<br />
----<br />
----<br />
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br />
<br />
----<br />
----</div>Omaerz