Secure Req 7

From IDESG Wiki
Jump to: navigation, search

<< Back to Baseline Functional Requirements Index

SECURE-7. TOKEN CONTROL

Entities that authenticate a USER MUST employ industry-accepted secure authentication protocols to demonstrate the USER's control of a valid token.

SUPPLEMENTAL GUIDANCE

Successful authentication requires that the user prove, through a secure authentication protocol, that he or she controls the appropriate token(s). Control is best demonstrated by a user providing token value through the authentication protocol (e.g., password, PIN, or biometric).

REFERENCES

FICAM TFPAP Trust Criteria, Authentication Process, LOA 2, #6 (p.21)

APPLIES TO ACTIVITIES

AUTHENTICATION

KEYWORDS

CONTROLS, IDENTIFIER, PROVISIONING, SECURITY, TOKEN



Quick Links: SALS | Baseline Functional Requirements v1.0 | Glossary |