V1.6 — Cryptographic Architecture
Cryptographic Architecture: 4 L3 requirements.

- V1.6.1: Verify that there is an explicit policy for management of cryptographic keys and that a cryptographic key lifecycle foll...
- V1.6.2: Verify that consumers of cryptographic services protect key material and other secrets by using key vaults or API based ...
- V1.6.3: Verify that all keys and passwords are replaceable and are part of a well-defined process to re-encrypt sensitive data. ...
- ... and 1 more.

| Property | Value |
|---|---|
| Section | V1.6 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-CRYPTO-01 | PKCS#11 HSM Key Protection |
| SID-CRYPTO-02 | PRF Extension Key Derivation |
| SID-CRYPTO-03 | AES-256-GCM Encrypted Keystore |
| SID-CRYPTO-05 | Secure Random Number Generation |

Source: OWASP Application Security Verification Standard 4.0.3