Secure Req 13: Difference between revisions
m (8 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:03, 28 June 2018
<< Back to Baseline Functional Requirements Index
SECURE-13. REVOCATION
Entities that issue credentials or tokens MUST have processes and procedures in place to invalidate credentials and tokens.
SUPPLEMENTAL GUIDANCE
Service Providers must be capable of revoking, deactivating, or otherwise invalidating credentials or tokens. Invalidated credentials include those that have expired, have been determined to be compromised, or have been canceled by either the issuing entity or user.
Timeliness of revocation and deactivation may be dictated by regulation, environment, or trust frameworks.
REFERENCES
FICAM TFPAP Trust Criteria, Token & Credential Management, LOA 2-3, #4 (p.32)
APPLIES TO ACTIVITIES
KEYWORDS
CREDENTIAL, EXPIRY, LOSS, PROCESS, REVOCATION, SECURITY, TOKEN
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |