Secure Req 4
SECURE-4. CREDENTIAL PROTECTION
Entities that issue or manage credentials and tokens MUST implement industry-accepted data integrity practices to enable individuals and other entities to verify the source of credential and token data.
When providing token and credential information to users, steps must be taken to allow users to authenticate the source of the information. This can include digital signing of credential information, providing secure transport mechanisms for the information (e.g., properly configured TLS), or delivering the information out of band (e.g., traditional mail or SMS).
FICAM TFPAP Trust Criteria, Registration and Issuance, LOA 2-3, #4 (p.21, 37)