Assign unique keys to each device
Summary
Each individual device must have unique cryptographic keys and certificates.
Description
A system that is using unique cryptographic keys applied to devices can prevent unauthorized devices from gaining access to a network or system. Without the proper keys and certificates, a device should not be able to establish a secure connection or participate in transactions.
Supported In
This requirement is verified in following services
Plan | Supported |
---|---|
Essential | 🔴 |
Advanced | 🟢 |
References
- CWE™-693. Protection mechanism failure
- CWE™-1233. Improper hardware lock protection for security sensitive controls
- OWASP TOP 10-A5. Security misconfiguration
- SANS 25-18. Use of hard-coded credentials
- PDPO-9A_66G. Powers exercisable in relation to premises and electronic devices
- CMMC-MP_L2-3_8_1. Media protection
- CMMC-MP_L2-3_8_2. Media access
- CMMC-SC_L2-3_13_10. Key management
- HITRUST CSF-01_k. Equipment identification in networks
- HITRUST CSF-01_x. Mobile computing and communications
- FedRAMP-MP-2. Media access
- PTES-7_7. Post Exploitation - Persistence
- MVSP-2_8. Application design controls - Encryption
- OWASP SCP-6. Cryptographic practices
- NIST 800-171-5_1. Identify system users, processes acting on behalf of users, and devices
- C2M2-9_5_e. Implement data security for cybersecurity architecture
- PCI DSS-3_6_1_1. Protect cryptographic keys used to protect stored account data
- SIG Lite-SL_31. Are clients provided with the ability to generate a unique encryption key?
- OWASP MASVS-CRYPTO-2. The app performs key management according to industry best practices
- CWE TOP 25-798. Use of hard-coded credentials
free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.