Separate keys for encryption and signatures
The system must use asymmetric cryptography with separated keys for encryption and signatures.
This requirement is verified in the following services:
- OWASP-M TOP 10-M5. Insufficient cryptography
- CERT-J-SER02-J. Sign then seal objects before sending them outside a trust boundary
- MITRE ATT&CK®-M1041. Encrypt sensitive information
- CMMC-SC_L2-3_13_10. Key management
- HITRUST CSF-10_g. Key management
- FedRAMP-CM-3_6. Baseline configuration - Cryptography management
- ISO/IEC 27002-8_24. Use of cryptography
- OWASP SCP-6. Cryptographic practices
- C2M2-9_5_e. Implement data security for cybersecurity architecture
- PCI DSS-3_6_1_2. Protect cryptographic keys used to protect stored account data
- ISO/IEC 27001-8_24. Use of cryptography
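One way to check this requirement when keys are published as X.509 certificates, as an added example that is not part of the original page: it flags any public key certified for both signing and encryption, in a single certificate or across several. The grouping of keyUsage bits and the names `Audit`, `NewKey` and `SampleCert` are assumptions of this example, and the certificates are constructed at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const SignBits = x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment // signing side (example's grouping)
const EncBits = x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment | x509.KeyUsageKeyAgreement

// Audit reports each public key certified for both signing and encryption across all given certificates.
func Audit(certs ...*x509.Certificate) []string {
	usage := map[[32]byte]x509.KeyUsage{} // SPKI hash -> union of usages
	for _, c := range certs {
		usage[sha256.Sum256(c.RawSubjectPublicKeyInfo)] |= c.KeyUsage
	}
	var findings []string
	for id, u := range usage {
		if u&SignBits != 0 && u&EncBits != 0 {
			findings = append(findings, fmt.Sprintf("key %x: signing and encryption", id[:8]))
		}
	}
	return findings
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewKey and SampleCert build constructed sample material (self-signed, 1 hour).
func NewKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
func SampleCert(k *ecdsa.PrivateKey, ku x509.KeyUsage) *x509.Certificate {
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), KeyUsage: ku}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tpl, tpl, &k.PublicKey, k))))
}

func main() {
	k := NewKey() // one key certified twice: the reuse the requirement forbids
	fmt.Println(Audit(SampleCert(k, x509.KeyUsageDigitalSignature), SampleCert(k, x509.KeyUsageKeyAgreement)))
}
```

Comparing the SubjectPublicKeyInfo hash rather than only the keyUsage bits catches the case where two certificates look correctly scoped but wrap the same key.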