The application must implement basic security behaviors:

| Category | Behavior |
|---|---|
| Authentication | Authenticate using at least a user name and a password. |
| Authorization | Users may access only the categories that their role allows. |
| Confidentiality | Sensitive data must be encrypted. |
| Data Integrity | Data sent across the network cannot be modified by a tier. |
| Auditing | In later releases we may implement logging of sensitive actions. |