Secure Req 3

From IDESG Wiki


SECURE-3. CREDENTIAL REPRODUCTION

Entities that issue or manage credentials and tokens MUST implement industry-accepted processes to protect against their unauthorized disclosure and reproduction.

SUPPLEMENTAL GUIDANCE

Potential controls that can be put in place to prevent unauthorized disclosure and reproduction include:

  • The use of secure transport for credential and token data (see SECURE-2 (DATA INTEGRITY));
  • Implementation of industry-accepted cryptographic techniques for the storage of credential and token data (see SECURE-2 (DATA INTEGRITY));
  • Implementation of industry-accepted key management and protection techniques (see SECURE-11 (KEY MANAGEMENT));
  • Out-of-band distribution of credentials or tokens;
  • In-person issuance of credentials or tokens; and
  • Anti-tampering and/or anti-counterfeiting mechanisms for tokens with a physical instantiation.

REFERENCES

FICAM TFPAP Trust Criteria, Registration and Issuance, LOA 2-3, #3 (p.21, 37)

APPLIES TO ACTIVITIES

CREDENTIALING

KEYWORDS

CREDENTIAL, DATA-INTEGRITY, DUPLICATION, PROCESS, SECURITY, TOKEN


