Use pre-existent mechanisms

Summary

The systems cryptographic functions must be implemented with pre-existing and up-to-date cryptographic mechanisms.

Description

The systems cryptographic functions are essential for maintaining the confidentiality and integrity of transactions and communications. Therefore, these functions must be based on pre-existent, tested, approved and secure mechanisms.

Supported In

This requirement is verified in following services

Plan	Supported
Machine	🟢
Squad	🟢

References

• CAPEC™-20. Encryption brute forcing
• CIS-3_6. Encrypt data on end-user devices
• CIS-16_11. Leverage vetted modules or services for application security components
• CWE™-326. Inadequate encryption strength
• CWE™-327. Use of a broken or risky cryptographic algorithm
• HIPAA-164_312_a_2_iv. Encryption and decryption (addressable)
• NIST 800-53-IA-7. Cryptographic module authentication
• OWASP TOP 10-A4. Insecure design
• NYDFS-500_15. Encryption of nonpublic information
• CMMC-AC_L1-3_1_2. Transaction & function control
• CMMC-AC_L2-3_1_13. Remote access confidentiality
• CMMC-SC_L1-3_13_1. Boundary protection
• CMMC-SC_L2-3_13_8. Data in transit
• CMMC-SC_L2-3_13_15. Communications authenticity
• HITRUST CSF-06_f. Regulation of cryptographic controls
• HITRUST CSF-09_m. Network controls
• HITRUST CSF-09_s. Information exchange policies and procedures
• HITRUST CSF-09_y. On-line transactions
• HITRUST CSF-10_d. Message integrity
• HITRUST CSF-10_f. Policy on the use of cryptographic controls
• FedRAMP-CM-3_6. Baseline configuration - Cryptography management
• FedRAMP-SC-8_1. Cryptographic or alternate physical protection
• ISA/IEC 62443-SI-3_1. Communication integrity
• OSSTMM3-10_7_2. Telecommunications security (controls verification) - Confidentiality
• OSSTMM3-11_7_2. Data networks security (controls verification) - Confidentiality
• NIST SSDF-PS_1_1. Protect all forms of code from unauthorized access and tampering
• PTES-4_5_3. Threat capability analysis - Communication mechanisms
• MVSP-2_8. Application design controls - Encryption
• BSAFSS-EN_2-5. Avoid weak encryption
• OWASP MASVS-V1_8. Architecture, design and threat modeling requirements
• NIST 800-171-1_13. Employ cryptographic mechanisms to protect the confidentiality of remote access sessions
• OWASP ASVS-1_9_1. Communications architecture
• OWASP ASVS-6_2_2. Algorithms
• OWASP ASVS-8_3_7. Sensitive private data
• C2M2-9_5_d. Implement data security for cybersecurity architecture
• PCI DSS-9_4_3. Media is secured and tracked when transported
• OWASP ASVS-2_8_3. One time verifier
• CASA-1_9_1. Communications Architecture
• CASA-6_2_2. Algorithms

Vulnerabilities

• 411. Insecure encryption algorithm - Default encryption

free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.