Secure Req 4

From IDESG Wiki
Revision as of 04:03, 28 June 2018 by Omaerz (talk | contribs) (8 revisions imported: Initial Upload of old pages from IDESG Wiki)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

<< Back to Baseline Functional Requirements Index

SECURE-4. CREDENTIAL PROTECTION

Entities that issue or manage credentials and tokens MUST implement industry-accepted data integrity practices to enable individuals and other entities to verify the source of credential and token data.

SUPPLEMENTAL GUIDANCE

When providing token and credential information to users, steps must be taken to allow users to authenticate the source of the information. This can include digital signing of credential information, providing secure transport mechanisms for the information (e.g., properly configured TLS), or delivering the information out of band (e.g., traditional mail or SMS).

REFERENCES

FICAM TFPAP Trust Criteria, Registration and Issuance, LOA 2-3, #4 (p.21, 37)

APPLIES TO ACTIVITIES

CREDENTIALING

KEYWORDS

CREDENTIAL, DATA-INTEGRITY, SECURITY, TOKEN

Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |

Retrieved from "https://wiki.idesg.org/index.php?title=Secure_Req_4&oldid=6627"