Secure Req 7
<< Back to Baseline Functional Requirements Index
SECURE-7. TOKEN CONTROL
Entities that authenticate a USER MUST employ industry-accepted secure authentication protocols to demonstrate the USER's control of a valid token.
Successful authentication requires that the user prove, through a secure authentication protocol, that he or she controls the appropriate token(s). Control is best demonstrated by a user providing token value through the authentication protocol (e.g., password, PIN, or biometric).
FICAM TFPAP Trust Criteria, Authentication Process, LOA 2, #6 (p.21)