Secure Req 4

From IDESG Wiki

SECURE-4. CREDENTIAL PROTECTION

Entities that issue or manage credentials and tokens MUST implement industry-accepted data integrity practices to enable individuals and other entities to verify the source of credential and token data.

SUPPLEMENTAL GUIDANCE

When providing token and credential information to users, steps must be taken to allow users to authenticate the source of the information. This can include digital signing of credential information, providing secure transport mechanisms for the information (e.g., properly configured TLS), or delivering the information out of band (e.g., traditional mail or SMS).

REFERENCES

FICAM TFPAP Trust Criteria, Registration and Issuance, LOA 2-3, #4 (p.21, 37)

APPLIES TO ACTIVITIES

CREDENTIALING

KEYWORDS

CREDENTIAL, DATA-INTEGRITY, SECURITY, TOKEN
