Each individual device must have unique cryptographic keys and certificates.
This requirement is verified in the following services
- CWE™-693. Protection mechanism failure
- CWE™-1233. Improper hardware lock protection for security sensitive controls
- OWASP TOP 10-A5. Security misconfiguration
- SANS 25-15. Use of Hard-coded Credentials
- PDPO-9A_66G. Powers exercisable in relation to premises and electronic devices
- CMMC-MP_L2-3_8_1. Media protection
- CMMC-MP_L2-3_8_2. Media access
- CMMC-SC_L2-3_13_10. Key management
- HITRUST CSF-01_k. Equipment identification in networks
- HITRUST CSF-01_x. Mobile computing and communications
- FedRAMP-MP-2. Media access
- PTES-7_7. Post Exploitation - Persistence
- MVSP-2_8. Application design controls - Encryption
- OWASP SCP-6. Cryptographic practices
- OWASP MASVS-V3_5. Cryptography requirements
- NIST 800-171-5_1. Identify system users, processes acting on behalf of users, and devices
- C2M2-9_5_e. Implement data security for cybersecurity architecture
- PCI DSS-3_6_1_1. Protect cryptographic keys used to protect stored account data
- SIG Lite-SL_31. Are clients provided with the ability to generate a unique encryption key?