
REQ.146 Set timeout to cryptographic keys

This document contains the details of the security requirements related to the definition and management of cryptographic systems. This requirement establishes the importance of protecting the system's cryptographic keys by limiting the time they remain in system RAM.

Requirement

Cryptographic keys must remain in RAM for a maximum of 5 seconds.
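One way to enforce this limit in C, as an added example that is not part of the original requirement: a key slot that records when the key entered RAM, refuses to hand it out after 5 seconds, and zeroizes it from a periodic sweep. The names `key_slot`, `key_slot_load`, `key_slot_sweep`, `key_slot_get` and `key_slot_wipe` are hypothetical, and the code assumes the caller passes timestamps in milliseconds from a monotonic clock (for example `CLOCK_MONOTONIC`) and calls the sweep from a timer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_MAX_LEN 32
#define KEY_TTL_MS  5000u  /* REQ.146: at most 5 seconds in RAM */

typedef struct {
    uint8_t  key[KEY_MAX_LEN];
    size_t   len;        /* 0 means the slot is empty */
    uint64_t loaded_ms;  /* monotonic time when the key entered RAM */
} key_slot;

/* Overwrite through a volatile pointer so the compiler cannot
   optimise the stores away as dead writes. */
void key_slot_wipe(key_slot *s) {
    volatile uint8_t *p = s->key;
    for (size_t i = 0; i < KEY_MAX_LEN; i++) p[i] = 0;
    s->len = 0;
}

/* Copy a key into the slot and start its lifetime. Returns 0 on success.
   The caller should wipe its own source buffer after this call. */
int key_slot_load(key_slot *s, const uint8_t *key, size_t len, uint64_t now) {
    if (len == 0 || len > KEY_MAX_LEN) return -1;
    key_slot_wipe(s);               /* never leave an older key behind */
    memcpy(s->key, key, len);
    s->len = len;
    s->loaded_ms = now;
    return 0;
}

/* Call from a periodic timer so an expired key is wiped even if
   nobody asks for it again. Returns 1 if a key was wiped. */
int key_slot_sweep(key_slot *s, uint64_t now) {
    if (s->len != 0 && now - s->loaded_ms >= KEY_TTL_MS) {
        key_slot_wipe(s);
        return 1;
    }
    return 0;
}

/* Returns the key only while it is within its lifetime, otherwise NULL. */
const uint8_t *key_slot_get(key_slot *s, uint64_t now, size_t *len) {
    key_slot_sweep(s, now);         /* lazy expiry on every access */
    if (s->len == 0) return NULL;
    *len = s->len;
    return s->key;
}
```

The slot only controls its own buffer: copies made by the caller or held inside a cryptographic library's context need the same treatment, and pages that may be swapped to disk are outside what this code covers.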

References

  1. OWASP-ASVS v3.1-1.12 There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.

