Secure Req 3

From IDESG Wiki
Revision as of 04:03, 28 June 2018 by Omaerz (talk | contribs) (7 revisions imported: Initial Upload of old pages from IDESG Wiki)


SECURE-3. CREDENTIAL REPRODUCTION

Entities that issue or manage credentials and tokens MUST implement industry-accepted processes to protect against their unauthorized disclosure and reproduction.

SUPPLEMENTAL GUIDANCE

Potential controls that can be put in place to prevent unauthorized disclosure and reproduction include:

  • The use of secure transport for credential and token data (see SECURE-2 (DATA INTEGRITY));
  • Implementation of industry-accepted cryptographic techniques for the storage of credential and token data (see SECURE-2 (DATA INTEGRITY));
  • Implementation of industry-accepted key management and protection techniques (see SECURE-11 (KEY MANAGEMENT));
  • Out-of-band distribution of credentials or tokens;
  • In-person issuance of credentials or tokens; and
  • Anti-tampering and/or anti-counterfeiting mechanisms for tokens with a physical instantiation.

REFERENCES

FICAM TFPAP Trust Criteria, Registration and Issuance, LOA 2-3, #3 (p.21, 37)

APPLIES TO ACTIVITIES

CREDENTIALING

KEYWORDS

CREDENTIAL, DATA-INTEGRITY, DUPLICATION, PROCESS, SECURITY, TOKEN


