SID-AUTH-06 — Wallet Lifecycle Management

| Property | Value |
| --- | --- |
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Authentication Controls |

Description

Controlled wallet activation and deactivation lifecycle:

(1) User SHALL be able to deactivate a single wallet instance, multiple instances, or all instances at any time.
(2) Wallet provider SHALL be able to deactivate a single instance, multiple instances, or all instances at any time (e.g. for revocation, compromise response, or policy enforcement).
(3) Deactivation SHALL securely erase all sensitive data, revoke active sessions, and invalidate wallet attestations (WIA/WUA).
(4) Activation flow SHALL provision WSCA/WSCD resources and establish device/user binding.
(5) Re-activation after deactivation SHALL require full identity re-verification at the original assurance level.

Not yet implemented — no deactivation mechanism exists. Activation flow via WebAuthn registration exists but lacks formal WSCA provisioning.
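The lifecycle in requirements (1) to (5) can be modelled as a small state machine. The following is an added sketch, not the platform's code: `WalletRegistry`, `WalletInstance`, the numeric assurance levels and the in-memory `key_material` buffer (a stand-in for keys held in the WSCA/WSCD) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    ACTIVE = "active"
    DEACTIVATED = "deactivated"

@dataclass
class WalletInstance:
    instance_id: str
    user_id: str
    assurance_level: int              # level verified at activation (assumed numeric)
    state: State = State.ACTIVE
    key_material: bytearray = field(default_factory=bytearray)  # stand-in for WSCA/WSCD keys
    sessions: set = field(default_factory=set)
    attestations_valid: bool = True   # stand-in for WIA/WUA status

class WalletRegistry:
    def __init__(self):
        self.instances = {}

    def activate(self, instance_id, user_id, verified_level, key_material):
        prior = self.instances.get(instance_id)
        if prior is not None:
            if prior.state is State.ACTIVE:
                raise ValueError("instance already active")
            # Requirement (5): re-verify the same user at the original assurance level.
            if prior.user_id != user_id or verified_level < prior.assurance_level:
                raise PermissionError("re-verification below original assurance level")
        # Requirement (4): provision key material and bind the instance to the user.
        self.instances[instance_id] = WalletInstance(
            instance_id, user_id, verified_level, key_material=bytearray(key_material))

    def deactivate(self, actor, user_id, instance_ids=None):
        """actor: 'user' or 'provider'; instance_ids=None selects all of the user's instances."""
        if actor not in ("user", "provider"):
            raise PermissionError("unknown actor")
        targets = [w for w in self.instances.values()
                   if w.user_id == user_id and w.state is State.ACTIVE
                   and (instance_ids is None or w.instance_id in instance_ids)]
        for w in targets:
            w.key_material[:] = bytes(len(w.key_material))  # overwrite buffer in place
            w.key_material = bytearray()
            w.sessions.clear()                # requirement (3): revoke sessions
            w.attestations_valid = False      # requirement (3): invalidate WIA/WUA
            w.state = State.DEACTIVATED
        return [w.instance_id for w in targets]
```

Zeroing a Python buffer only illustrates the erase step; in a real deployment key destruction is performed by the WSCD itself.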

Components

Framework Requirements

FitCEM Wallet Instance: FIT-AU-20

ISO 27001 Annex A: A.8.10