Secure Req 6: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
m (8 revisions imported: Initial Upload of old pages from IDESG Wiki)
 
(No difference)

Latest revision as of 04:03, 28 June 2018

<< Back to Baseline Functional Requirements Index

SECURE-6. CREDENTIAL UNIQUENESS

Entities that issue or manage credentials MUST ensure that each account to credential pairing is uniquely identifiable within its namespace for authentication purposes.

SUPPLEMENTAL GUIDANCE

A unique identifier must be assigned to each pairing of associated account and credential. This is to be used for the purposes of binding registration information with credentials in order to facilitate authentication and to avoid collisions of identifiers in the namespace.

REFERENCES

FICAM TFPAP Trust Criteria, Security, LOA 1-3, #1 (p.19), ISO 27002 (2005) Section 11 (Access Control), FFIEC, PCI-DSS 8.1 (http://pcidsscompliance.net/pci-dss-requirements/how-to-comply-to-requirement-8-of-pci-dss/)

APPLIES TO ACTIVITIES

CREDENTIALING, AUTHENTICATION

KEYWORDS

CREDENTIAL, IDENTIFIER, PROVISIONING, SECURITY



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |