The application must implement basic security behaviors:
Category | Behavior |
---|---|
Authentication | Authenticate using at least a user name and a password. |
Authorization | Users may only access the categories that their role allows. |
Confidentiality | Sensitive data must be encrypted. |
Data Integrity | Data sent across the network cannot be modified by a tier. |
Auditing | In later releases we may implement logging of sensitive actions. |