| All web interfaces use secure (https) protocol | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 |
| Any group access privileges or functions are supported through group membership, not through group login via a single account. |  |  |  | 0.2 | 0.5 | 0.8 | 1.0 | 1.0 | 1.0 |
| Expertise of the originators of the project/product is represented throughout the content as appropriate (e.g., in author pages, references, citations, and about or background pages). | 0.2 | 0.3 | 0.4 | 0.5 | 0.6 | 0.7 | 0.8 | 1.0 | 1.0 |
| Opinions and perspectives are offered only as they relate to the mission of the project, and are clearly identified and put into context. |  |  |  |  |  |  | 0.1 | 0.1 | 0.1 |
| Presented information and data are consistent throughout the project. | 0.5 | 0.5 | 0.5 | 0.5 | 0.5 | 0.6 | 0.8 | 1.0 | 1.0 |
| Re-authentication (e.g., on lost password) requires appropriate verification (e.g., email to known account, or 2-factor authentication; not security questions). |  |  |  | 0.2 | 0.5 | 1.0 | 1.0 | 1.0 | 1.0 |
| The product user experience (e.g., response times) is materially unaffected by increasing levels of use, analyzed inputs, or generated outputs; consistent with user expectations. |  |  |  |  | 0.2 | 0.4 | 0.6 | 0.8 | 0.8 |
| User can access all appropriate capabilities and information, but cannot access any content or feature that should be privileged. |  |  |  |  | 0.3 | 0.5 | 0.8 | 1.0 | 1.0 |
| Where registration is allowed, registration validation is consistent with required project security (e.g., simple captcha for insecure public-facing resources; email required for mildly resource-constrained software; manual identity verification for critical products) |  | 0.3 | 0.6 | 0.8 | 1.0 | 1.0 | 1.0 | 1.0 | 1.0 |