diff --git a/input/pages/index.md b/input/pages/index.md
index ed711982..510c2fb1 100644
--- a/input/pages/index.md
+++ b/input/pages/index.md
@@ -127,7 +127,7 @@ the [FHIR Implementer's Safety Check List]({{site.data.fhir.path}}safety.html#7.
 considerations relate to any FHIR implementation, including authentication, authorization, access control
 consistent with patient consent, transaction logging, and following best practices. QI-Core security conformance rules are as follows:
 
--  Systems **SHOULD** use TLS version 1.1 or higher with bi-directional certificate validation for all transmissions not taking place over a secure network connection.
+-  Systems **SHOULD** refer to BCP195 to ensure transmissions are taking place over a secure network connection.
 -  Systems **SHOULD** use OAuth or an equivalent mechanism to provide necessary authentication (user or system-level).
 -  Systems **SHOULD** use either IHE's ATNA standard for audit logging or an equivalent using the AuditEvent resource.