The authentication Credential must be bound to the physical Subject and to the IdMS record pertaining to that Subject as described in this section.
4.2.4.1 Credential Issuance
The subject will identify him/herself using information only known to the subject.
4.2.4.2 Credential Revocation
We will revoke Credentials and Tokens within 72 hours after being notified that a Credential is no longer valid or is compromised.
4.2.4.3 Credential Renewal or Re-issuance
Passwords can be reset by the subject by accessing https:// ... /, supplying their login name and answers to pre-registered personalized questions OR by Help Desk staff after the subject has provided personal information only known by the subject using the process defined in 4.2.4.1.
4.2.4.4 Credential Issuance Records Retention
Records of credential issuance and revocation will be retained for a minimum of 180 days beyond the expiration of the credential. The records include the credential unique identifier and the time of issuance/revocation.