c Connections are secure (https rather than http; foxs rather than fox).

c The authentication scheme has been selected for each user.

c User roles have been identified. You need to determine what each user can do with each component in the system. Objects to protect are components, files, and histories. Each of these is assigned a category.

c Roles have been created and assigned to each user. This assignment grants permission for the user to access each category of object. The user’s role defines exactly what each user can do with each object in the system.

c If you are using client user authentication, each user has created a client certificate and submitted their certificate with its public key.

c If you are using the Google Authenticator, the app has been installed on the user’s mobile device.

c Each user has been created.

c The audit log has been set up for later analysis.