Secure Req 4
Latest revision as of 04:03, 28 June 2018
SECURE-4. CREDENTIAL PROTECTION
Entities that issue or manage credentials and tokens MUST implement industry-accepted data integrity practices to enable individuals and other entities to verify the source of credential and token data.
SUPPLEMENTAL GUIDANCE
When providing token and credential information to users, steps must be taken to allow users to authenticate the source of the information. This can include digital signing of credential information, providing secure transport mechanisms for the information (e.g., properly configured TLS), or delivering the information out of band (e.g., traditional mail or SMS).
REFERENCES
FICAM TFPAP Trust Criteria, Registration and Issuance, LOA 2-3, #4 (p.21, 37)
APPLIES TO ACTIVITIES
KEYWORDS
CREDENTIAL, DATA-INTEGRITY, SECURITY, TOKEN