V2.8 — One Time Verifier
One Time Verifier: 7 L3 requirement(s). V2.8.1: Verify that time-based OTPs have a defined lifetime before expiring. V2.8.2: Verify that symmetric keys used to verify submitted OTPs are highly protected, such as by using a hardware security modu... V2.8.3: Verify that approved cryptographic algorithms are used in the generation, seeding, and verification of OTPs. ... and 4 more.
| Property | Value |
|---|---|
| Section | V2.8 |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-ARCH-01 | Platform Architecture Non-Applicability Register |
Source: OWASP Application Security Verification Standard 4.0.3