PR.AA-04: Identity assertions are protected, conveyed, and verified
Ex1: Protect identity assertions that are used to convey authentication and user information through single sign-on systems
Ex2: Protect identity assertions that are used to convey authentication and user information between federated systems
Ex3: Implement standards-based approaches for identity assertions in all contexts, and follow all guidance for the generation (e.g., data models, metadata), protection (e.g., digital signing, encryption), and verification (e.g., signature validation) of identity assertions
Tier
Description
Identity assertions are protected, conveyed, and verified