REQ.146 Set timeout to cryptographic keys
Cryptographic keys must remain in RAM for a maximum of 5 seconds.
OWASP-ASVS v3.1-1.12 There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.
OWASP-ASVS v3.1-7.9 Verify that there is an explicit policy for how cryptographic keys are managed (e.g., generated, distributed, revoked, and expired). Verify that this key lifecycle is properly enforced.
OWASP-ASVS v3.1-7.13 Verify that sensitive passwords or key material maintained in memory is overwritten with zeros as soon as it is no longer required, to mitigate memory dumping attacks.
OWASP-ASVS v3.1-9.11 Verify that authenticated data is cleared from client storage, such as the browser DOM, after the client or session is terminated.
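One way to enforce the 5-second limit together with the zero-overwrite from ASVS 7.13, as an added example that is not part of the original requirement text. The names `key_slot`, `key_load`, `key_expire_if_due`, `key_get` and `key_is_zeroed` are hypothetical, and the caller supplies the current time so the expiry logic can be exercised with constructed timestamps.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define KEY_LEN 32
#define KEY_TTL_SECONDS 5 /* limit from REQ.146; all names here are hypothetical */
typedef struct { uint8_t bytes[KEY_LEN]; time_t loaded_at; int present; } key_slot;

/* Volatile stores keep the compiler from removing the wipe as a dead write. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

void key_load(key_slot *s, const uint8_t *material, time_t now) {
    memcpy(s->bytes, material, KEY_LEN);
    s->loaded_at = now;
    s->present = 1;
}

/* Wipe the key once it has been resident for KEY_TTL_SECONDS; returns 1 if wiped. */
int key_expire_if_due(key_slot *s, time_t now) {
    if (!s->present || difftime(now, s->loaded_at) < KEY_TTL_SECONDS) return 0;
    secure_zero(s->bytes, KEY_LEN);
    s->present = 0;
    return 1;
}

const uint8_t *key_get(key_slot *s, time_t now) {
    key_expire_if_due(s, now);
    return s->present ? s->bytes : NULL;
}

int key_is_zeroed(const key_slot *s) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= s->bytes[i];
    return acc == 0;
}

int main(void) {
    key_slot s;
    uint8_t k[KEY_LEN];
    memset(k, 0xA5, KEY_LEN); /* constructed sample key, not real key material */
    key_load(&s, k, (time_t)1000);
    printf("t+4s: %s\n", key_get(&s, (time_t)1004) ? "usable" : "wiped");
    printf("t+5s: %s\n", key_get(&s, (time_t)1005) ? "usable" : "wiped");
    return 0;
}
```

Expiry here is evaluated only when `key_expire_if_due` or `key_get` is called, so a real deployment would also call `key_expire_if_due` from a periodic timer and take `now` from a monotonic clock. Copies of the key made by callers are outside what this slot can wipe.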