Overview#
Security Considerations are Best Practices for Security and Cybersecurity.
Security Considerations Best Current Practices (BCP)#
- BCP 14 (RFC 2119, clarified by RFC 8174) defines the requirement-level key words (MUST, SHOULD, MAY and their negations) and, in its own Security Considerations section, asks authors to spell out the security effects of those key words; the rule that every RFC contain a Security Considerations section comes from the RFC Editor's instructions to authors (RFC 2223), as BCP 72 notes
- BCP 72 (RFC 3552) provides Guidelines for Writing RFC Text on Security Considerations
Document authors SHOULD take the time to elaborate, in the Security Considerations section, the security implications of not implementing a MUST or SHOULD, or of doing something the specification says MUST NOT or SHOULD NOT be done. RFC 2119, Section 7, puts it this way:
"These terms are frequently used to specify behavior with security implications. The effects on security of not implementing a MUST or SHOULD, or doing something the specification says MUST NOT or SHOULD NOT be done may be very subtle. Document authors should take the time to elaborate the security implications of not following recommendations or requirements as most implementors will not have had the benefit of the experience and discussion that produced the specification." (RFC 2119)
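The practical check behind the guidance above is whether every MUST/SHOULD-level statement in a specification is actually discussed in its Security Considerations section. The following script is an added example, not part of the original page and not an IETF tool (idnits and the RFC Editor's checks are the real thing). It assumes the plain-text RFC layout (section headings such as "3.  Security Considerations" on their own line, body text indented beneath them), extracts every all-capitals BCP 14 key word per section, and lists MUST/SHOULD-level requirements that the Security Considerations section never mentions. The sample draft embedded in it is constructed for the example.

```python
"""Audit an RFC-style draft for BCP 14 key words and Security Considerations.

Added example, not from the page and not IETF tooling. Assumes the plain-text
RFC layout: numbered headings on their own line, body text indented below.
"""
import re

# RFC 2119 key words as clarified by RFC 8174: only all-capitals forms count.
# Longest phrases first so "MUST NOT" is matched before "MUST".
BCP14_KEYWORDS = [
    "MUST NOT", "SHALL NOT", "SHOULD NOT", "NOT RECOMMENDED",
    "MUST", "REQUIRED", "SHALL", "SHOULD", "RECOMMENDED", "MAY", "OPTIONAL",
]
# Key words whose omission RFC 2119 singles out as having security effects.
STRONG = {"MUST", "MUST NOT", "SHALL", "SHALL NOT", "REQUIRED",
          "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED"}

_KEYWORD_RE = re.compile(r"\b(" + "|".join(BCP14_KEYWORDS) + r")\b")
_HEADING_RE = re.compile(r"^(\d+(?:\.\d+)*)\.\s{1,2}(\S.*)$")   # "2.  Title"
_BOILERPLATE_RE = re.compile(r"interpreted as described in BCP\s*14", re.I)
_WORD_RE = re.compile(r"[a-z]{5,}")   # content words for the overlap check


def split_sections(text):
    """Split plain-text RFC layout into (number, title, body) tuples, in order."""
    sections, number, title, body = [], "0", "(front matter)", []
    for line in text.splitlines():
        m = _HEADING_RE.match(line)
        if m:
            sections.append((number, title, "\n".join(body)))
            number, title, body = m.group(1), m.group(2).strip(), []
        else:
            body.append(line)
    sections.append((number, title, "\n".join(body)))
    return sections


def extract_requirements(text):
    """Return (section_title, key_word, sentence) for every BCP 14 key word,
    skipping the boilerplate sentence that merely lists the key words."""
    found = []
    for _num, title, body in split_sections(text):
        flat = " ".join(body.split())          # unwrap the 72-column layout
        for sentence in re.split(r"(?<=[.!?])\s+", flat):
            if _BOILERPLATE_RE.search(sentence):
                continue
            for m in _KEYWORD_RE.finditer(sentence):
                found.append((title, m.group(1), sentence))
    return found


def _mentioned_in(sentence, sec_cons_text):
    """Crude stem-prefix overlap of content words. A True result may be a
    false positive; a False result reliably marks a requirement that the
    Security Considerations section never talks about."""
    sc_words = set(_WORD_RE.findall(sec_cons_text.lower()))
    req_words = set(_WORD_RE.findall(_KEYWORD_RE.sub("", sentence).lower()))
    return any(w.startswith(s) or s.startswith(w)
               for w in req_words for s in sc_words)


def audit(text):
    """Return the findings a Security Considerations reviewer raises first."""
    sections = split_sections(text)
    sec_cons = [b for _n, t, b in sections
                if t.lower().startswith("security considerations")]
    reqs = extract_requirements(text)
    problems = []
    if not sec_cons:
        problems.append("missing Security Considerations section")
    elif not sec_cons[0].strip():
        problems.append("Security Considerations section is empty")
    if reqs and not _BOILERPLATE_RE.search(text):
        problems.append("BCP 14 key words used without the BCP 14 boilerplate")
    sc_text = sec_cons[0] if sec_cons else ""
    undiscussed = [(t, k, s) for t, k, s in reqs
                   if k in STRONG
                   and not t.lower().startswith("security considerations")
                   and not _mentioned_in(s, sc_text)]
    return {"requirements": reqs, "undiscussed": undiscussed, "problems": problems}


# Constructed sample draft for this example (not a real Internet-Draft).
SAMPLE_DRAFT = """\
1.  Introduction

   The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" in
   this document are to be interpreted as described in BCP 14 [RFC2119]
   [RFC8174] when, and only when, they appear in all capitals.

2.  Protocol

   The client MUST include a nonce in every request.  The server MUST
   validate the signature before parsing the body.  The responder SHOULD
   NOT accept a nonce it has already seen.  The server MAY log requests.

3.  Security Considerations

   If a repeated nonce is accepted, an attacker can replay a captured
   request.
"""
# Same draft with the Security Considerations section cut off.
NO_SEC_CONS = SAMPLE_DRAFT.split("3.  Security Considerations")[0]

if __name__ == "__main__":
    for name, draft in (("sample", SAMPLE_DRAFT), ("no-sec-cons", NO_SEC_CONS)):
        result = audit(draft)
        print(f"== {name}: {len(result['requirements'])} key-word statements")
        for p in result["problems"]:
            print("  PROBLEM:", p)
        for title, kw, sentence in result["undiscussed"]:
            print(f"  not covered in Security Considerations ({title}, {kw}): {sentence}")
```

On the sample, the signature-validation MUST is reported as not covered: the Security Considerations section explains the replay risk behind the nonce rules but says nothing about what skipping signature validation before parsing allows, which is exactly the kind of subtle omission RFC 2119 warns about. The overlap test is deliberately loose, so treat its output as a checklist for the author rather than a verdict.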
More Information#
There might be more information for this subject on one of the following:
- A Standard for the Transmission of IP Datagrams on Avian Carriers
- Authentication Challenges
- Authenticator App
- Authoritative Entity
- Best Practices OpenID Connect
- Biometric Data Challenges
- Certificate
- Covert Redirect Vulnerability
- De-anonymization
- Domain Name System
- Draft-behera-ldap-password-policy
- Elliptic Curve
- Event Data Recorder
- Fast Healthcare Interoperability Resources
- Fragment Response Mode
- Glossary Of LDAP And Directory Terminology
- Grant Types
- Guidelines for Writing RFC Text on Security Considerations
- IDN homograph attack
- IP spoofing
- IT Service Management
- Identity questions
- Implicit Grant
- Internationalized Resource Identifiers
- Key words for use in RFCs to Indicate Requirement Levels
- Localhost
- Logout Process
- OAuth 2.0 Client Registration
- OAuth 2.0 Security Considerations
- OAuth 2.0 Threat Model and Security Configurations
- Offset Codebook Mode
- OpenID Connect Back-Channel Logout
- Password Authentication
- Password Considerations and Requirements
- Passwordless SMS Authentication
- Privacy Considerations
- Proxy Auto-Config
- Proxy Server
- Public Wi-Fi
- RFC 2119
- Remember Me
- Reputation System
- Robotic Process Automation
- SSL-TLS Interception
- Same Origin Policy
- Security Token
- Server-Side Login throttling schemes
- Service Account
- Single Sign-On
- Subscriber Identification Module
- Time synchronization
- URI Fragment Identifiers
- Unvalidated redirects and forwards
- Web Origin
- Web Proxy Auto-Discovery Protocol
- Who Owns the Data
- Wi-Fi Protected Access 2