Young hacker smiling

We hack your software

zero false positives

Expert intelligence + specialized technology

REQ.148 Set minimum size of asymmetric encryption

This document contains the details of the security requirements related to the definition and management of cryptographic systems. This requirement establishes the importance of setting asymmetric encryption of minimum size in the cryptographic functions of the system.

Requirement

The asymmetric encryption mechanism must use a minimum key size of 2048 bits.

References

  1. HIPAA Security Rules 164.312(a)(2)(iv): Encryption and Decryption: Implement a mechanism to encrypt and decrypt electronic protected health information.

  2. OWASP-ASVS v3.1-1.12 There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.


Service status - Terms of Use