FIT-DS-13 — Encrypting sensitive data
The wallet instance:

- SHALL NOT store any sensitive data unencrypted.
- SHALL use hardware-backed key stores for encryption keys.
- SHALL only grant access to encryption keys after successful user authentication.
- SHALL NOT rely solely on device unlock code to protect hardware-backed keys.

| Property | Value |
|---|---|
| Section | 5.2.13 Encrypting sensitive data |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore |
| SID-CRYPTO-02 | PRF Extension Key Derivation |
| SID-AUTH-05 | Wallet Unlock, Lockout, and PIN Security |
Source: Nordic EUDIW Certification System – Wallet Instance FitCEM PP Appendix