The cryptographic functions of the system
must be implemented with pre-existing and up-to-date cryptographic mechanisms.
System cryptographic functions are essential for maintaining the
confidentiality and integrity of transactions and communications.
Therefore, these functions must be based on pre-existent, tested, approved and
CWE-326: Inadequate Encryption Strength
The software stores or transmits sensitive data using an encryption scheme that
is theoretically sound,
but is not strong enough for the level of protection required.
NIST 800-53 IA-7
Cryptographic module authentication:
The information system implements mechanisms for authentication
to a cryptographic module that meet the requirements
of applicable federal laws, Executive Orders, directives, policies,
regulations, standards, and guidance for such authentication.