!!! Overview
[{$pagename}] is the management of [Credentials].

[{$pagename}] is the set of practices that an [Credential Service Provider] uses to:[1]
* [Credential Enrollment]
* [Credential Issuance]
* [Credential Reset] or [Credential Recovery]
* [Credential Suspension]
* [Credential Revocation]
[credentials] for identities within their context and amongst any [Federation] partners


!! [Risks] with [{$pagename}]
* [Attackers] that can gain control of your [{$pagename}] system can issue [credentials] that make them an insider, potentially with [privileges] to compromise systems undetected.
* Compromised [{$pagename}] processes result in the need to re-issue [credentials], which can be an expensive and time-consuming process.
* Business application owners’ expectations around security and [Trust Models] are rising, and can expose [{$pagename}] as a weak link that may jeopardize [compliance] claims.


These [Credentials] are secrets and may consist of:
* [passwords] - for which we have [Password Management]
* [Private Keys] - which we really have no real standard for [{$pagename}], perhaps [Secure Element]?
* [Certificates] - which we have maybe [Public Key Infrastructure]; but that does not provide storage of [Private Keys]
* [Universal Second Factor] - Which has no standard for [{$pagename}]
* [Biometric Templates] - Typically, these 

!! No Recovery
Any [Authentication Method] (or [Authentication Factor]) without a [{$pagename}] that includes [Credential Recovery], requires the replacement of the [Credential] y performing [Credential Enrollment] and [Identity Proofing]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Federal Identity, Credential, and Access Management Architecture|https://gsa.github.io/ficam-arch/services/credentials/|target='_blank'] - based on information obtained 2017-04-02-