FIT-CR-01 — Basic cryptography requirements

No hardcoded symmetric keys as sole encryption. Proven cryptographic primitives only. No deprecated algorithms. Best-practice configuration. No key reuse across purposes. Secure RNG. No development-phase credentials. No hardcoded credentials. Signed data always validated. Trust chains always validated.

| Property | Value |
|---|---|
| Section | 5.3.1 Basic cryptography requirements |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-CRYPTO-01 | PKCS#11 HSM Key Protection |
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore |
| SID-CRYPTO-04 | COSE Sign1 and mDOC Cryptography |
| SID-CRYPTO-05 | Secure Random Number Generation |

Source: Nordic EUDIW Certification System – Wallet Instance FitCEM PP Appendix