REQ.148 Set minimum size of asymmetric encryption
The asymmetric encryption mechanism must use a minimum key size of 2048 bits.
HIPAA Security Rules 164.312(a)(2)(iv): Encryption and Decryption: Implement a mechanism to encrypt and decrypt electronic protected health information.
OWASP-ASVS v3.1-1.12 There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.