Skip to main content

FitCEM Wallet Instance

56 requirements mapped to controls.

Requirements

RequirementTitleControlsOwner
FIT-AR-01Unsupported OS version prohibitionSID-HARD-06platform
FIT-AR-02Outdated OS update promptSID-HARD-06platform
FIT-DS-01Utilize platform security and privacy functionsSID-CRYPTO-03, SID-CRYPTO-02platform
FIT-DS-02Sensitive data only within wallet instanceSID-CRYPTO-03, SID-DATA-08platform
FIT-DS-03Logs and sensitive dataSID-AUDIT-01, SID-AUDIT-02platform
FIT-DS-04Sensitive data and third partiesSID-PRIV-01, SID-DATA-08platform
FIT-DS-05Disable keyboard cacheSID-HARD-08platform
FIT-DS-06Shoulder surfing / remote surveillance protectionSID-HARD-08platform
FIT-DS-07Deactivate clipboardSID-HARD-08platform
FIT-DS-08Restricting IPCSID-HARD-03, SID-HARD-02platform
FIT-DS-09File access permissionsSID-ACCESS-01, SID-ACCESS-02platform
FIT-DS-10Authentication data stored properlySID-AUTH-01, SID-CRYPTO-02platform
FIT-DS-11Removing data when in backgroundSID-HARD-08platform
FIT-DS-12Memory and sensitive dataSID-DATA-09platform
FIT-DS-13Encrypting sensitive dataSID-CRYPTO-03, SID-CRYPTO-02, SID-AUTH-05platform
FIT-DS-14Encrypting backupsSID-DATA-10platform
FIT-DS-15No sensitive data in backupsSID-DATA-10platform
FIT-CR-01Basic cryptography requirementsSID-CRYPTO-01, SID-CRYPTO-03, SID-CRYPTO-04, SID-CRYPTO-05platform
FIT-CR-02WI-WSCA communication securitySID-KEY-03, SID-KEY-04platform
FIT-AU-01Wallet Unit AttestationSID-HARD-06platform
FIT-AU-02Wallet Instance AttestationSID-HARD-06platform
FIT-AU-03Binding (device and user)SID-AUTH-01, SID-KEY-03platform
FIT-AU-04Wallet UnlockSID-AUTH-05platform
FIT-AU-05Deactivation after failed attemptsSID-AUTH-05platform
FIT-AU-06Local retry counterSID-AUTH-05, SID-KEY-04platform
FIT-AU-07Cryptographic keys for launching walletSID-KEY-03, SID-CRYPTO-02platform
FIT-AU-08WSCA communication keysSID-KEY-03, SID-KEY-04platform
FIT-AU-09Operations on critical assetsSID-KEY-03, SID-KEY-04, SID-AUTH-05platform
FIT-AU-10PIN codesSID-AUTH-05platform
FIT-AU-11Receiving/storing identification data and attestationsSID-CRYPTO-03, SID-TRANS-02platform
FIT-AU-12Pseudonymous authenticationSID-PRIV-04platform
FIT-AU-13Confirming the relying partySID-TRUST-03, SID-TRUST-05platform
FIT-AU-14Constructing a presentationSID-DATA-01, SID-DATA-02, SID-KEY-03platform
FIT-AU-15Presentation responseSID-KEY-03, SID-TRANS-03platform
FIT-AU-16Embedded disclosure policiesSID-PRIV-01platform
FIT-AU-17Attestation issuanceSID-TRANS-02, SID-TRUST-03platform
FIT-AU-18Authentication initiationSID-HARD-02platform
FIT-AU-19WI–backend communicationSID-TRANS-01, SID-AUTH-04platform
FIT-AU-20Wallet deactivation (user and provider)SID-AUTH-06platform
FIT-DC-01General data communication requirementsSID-TRANS-01, SID-TRANS-04platform
FIT-PI-01General platform interaction requirementsSID-HARD-02, SID-HARD-08, SID-HARD-05platform
FIT-PI-02Enforcing device accessSID-HARD-06platform
FIT-CS-01Code security, quality and development environmentSID-OPS-08, SID-HARD-02, SID-OPS-04platform
FIT-SR-01Security controls and resilienceSID-HARD-09, SID-HARD-06platform
FIT-FR-01Environment reporting to wallet providerSID-HARD-06platform
FIT-FR-02Genuine app verificationSID-HARD-06platform
FIT-FR-03OS-version level enforcement (functional)SID-HARD-06platform
FIT-NF-01All used components are knownSID-OPS-04, SID-OPS-09platform
FIT-NF-02Architecture documentationSID-OPS-09platform
FIT-NF-03Sensitive data properly identifiedSID-OPS-09platform
FIT-NF-04Functionality properly described and documentedSID-OPS-13operator
FIT-NF-05Threat model documentedSID-OPS-09platform
FIT-NF-06User guidanceSID-OPS-13operator
FIT-NF-07Development and security practicesSID-OPS-08, SID-OPS-09platform
FIT-NF-08Cryptographic key management policySID-OPS-13, SID-KEY-01, SID-KEY-02, SID-KEY-03, SID-KEY-04operator
FIT-NF-09Security controls validatedSID-OPS-08, SID-OPS-09platform