FIT-DS-10 — Authentication data stored properly
Any secret/confidential data related to the authentication of the user SHALL NOT leave the device. The wallet instance SHALL implement mechanisms to ensure no confidential authentication data can be transferred outside the app storage. Account recovery MAY transfer authentication data but SHALL ensure confidentiality and integrity.
| Property | Value |
|---|---|
| Section | 5.2.10 Authentication data stored properly |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
| SID-CRYPTO-02 | PRF Extension Key Derivation |
Source: Nordic EUDIW Certification System – Wallet Instance FitCEM PP Appendix