Secure transmission shall be achieved through the use of secure socket layer (SSL) technology with a minimum of 128 bit encryption.

The identity of each registry shall be authenticated using digital certificates for the requests originating from the Community independent transaction log. The identity of the Community independent transaction log shall be authenticated using digital certificates for each request originating from a registry. The identity of each registry shall be authenticated using a user name and password for each request originating from a registry. The identity of the Community independent transaction log shall be authenticated using a user name and password for each request originating from the Community independent transaction log. Digital certificates shall be registered as valid by the certification authority. Secure systems shall be used to store the digital certificates and usernames and passwords, and access shall be limited. Usernames and passwords shall have a minimum length of 10 characters and shall comply with the hypertext transfer protocol (HTTP) basic authentication scheme (http://www.ietf.org/rfc/rfc2617.txt).

Secure transmission shall be achieved through the use of secure socket layer (SSL) technology with a minimum of 128 bit encryption.

The identity of each authorised representative shall be authenticated through the use of usernames and passwords, which are registered as valid by the registry.

At any time, each authorised representative shall have a unique username and a unique password.

The registry administrator shall maintain a list of all authorised representatives who have been granted access to the registry and their access rights within that registry.

The number of authorised representatives of the Central Administrator and registry administrator shall be kept to a minimum and access rights shall be allocated solely on the basis of enabling administrative tasks to be performed.

Any default vendor passwords with Central Administrator or registry administrator access rights shall be changed immediately after installation of the software and hardware for the Community independent transaction log or registry.

Authorised representatives shall be required to change any temporary passwords they have been given upon accessing the secure area of the Community independent transaction log or registry for the first time, and thereafter shall be required to change their passwords every two months at a minimum.

The password management system shall maintain a record of previous passwords for an authorised representative and prevent re-use of the previous ten passwords for that authorised representative. Passwords shall have a minimum length of 8 characters and be a mix of numeric and alphabetical characters.

Passwords shall not be displayed on a computer screen when being entered by an authorised representative, and password files shall not be directly visible to an authorised representative of the Central Administrator or registry administrator.

A firewall shall protect the Community independent transaction log and each registry from the Internet, and shall be configured as strictly as is possible to limit traffic to and from the Internet.

The Community independent transaction log and each registry shall run regular virus scans on all nodes, workstations and servers within their networks. Anti-virus software shall be updated regularly.

The Community independent transaction log and each registry shall ensure that all node, workstation and server software is correctly configured and routinely patched as security and functional updates are released.

When necessary, the Community independent transaction log and each registry shall apply additional security requirements to ensure that the registry system is able to respond to new security threats.