5.3  Logical Access Control

(a)  The Authority and the Service Provider shall implement and adhere to the procedures as outlined in the Operations Procedures to maintain logical access control for Services and the Authority Data.  These obligations shall include the creation and management of a User authentication mechanism.