Secure Req 6: Difference between revisions
m (8 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:03, 28 June 2018
<< Back to Baseline Functional Requirements Index
SECURE-6. CREDENTIAL UNIQUENESS
Entities that issue or manage credentials MUST ensure that each account to credential pairing is uniquely identifiable within its namespace for authentication purposes.
SUPPLEMENTAL GUIDANCE
A unique identifier must be assigned to each pairing of associated account and credential. This is to be used for the purposes of binding registration information with credentials in order to facilitate authentication and to avoid collisions of identifiers in the namespace.
REFERENCES
FICAM TFPAP Trust Criteria, Security, LOA 1-3, #1 (p.19), ISO 27002 (2005) Section 11 (Access Control), FFIEC, PCI-DSS 8.1 (http://pcidsscompliance.net/pci-dss-requirements/how-to-comply-to-requirement-8-of-pci-dss/)
APPLIES TO ACTIVITIES
KEYWORDS
CREDENTIAL, IDENTIFIER, PROVISIONING, SECURITY
Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |