Cryptographic keys should not remain in RAM for more than 5 seconds.
This requirement is verified in following services
- OWASP TOP 10-A7. Identification and authentication failures
- PA-DSS-2_5_3. Secure cryptographic key storage
- SANS 25-15. Use of Hard-coded Credentials
- CMMC-SC_L2-3_13_16. Data at rest
- HITRUST CSF-10_g. Key management
- FedRAMP-SC-13. Cryptographic protection
- ISO/IEC 27002-8_24. Use of cryptography
- OWASP SCP-6. Cryptographic practices
- BSAFSS-EN_3-1. Software protects and validates encryption keys
- C2M2-9_5_e. Implement data security for cybersecurity architecture
- PCI DSS-3_7_3. Secure cryptographic key storage
- ISO/IEC 27001-8_24. Use of cryptography
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.