Mechanisms exist to utilize a trusted communications path between the user and the security functions of the system.
Does the organization utilize a trusted communications path between the user and the security functions of the system?