Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.149 Set minimum size of symmetric encryption

This document contains the details of the security requirements related to the definition and management of cryptographic systems. This requirement establishes the importance of setting symmetric encryption of minimum size in the cryptographic functions of the system.


The symmetric encryption mechanism must use a minimum key size of 128 bits.


  1. HIPAA Security Rules 164.312(a)(2)(iv): Encryption and Decryption: Implement a mechanism to encrypt and decrypt electronic protected health information.

  2. OWASP-ASVS v3.1-1.12 There is an explicit policy for how cryptographic keys (if any) are managed, and the lifecycle of cryptographic keys is enforced. Ideally, follow a key management standard such as NIST SP 800-57.

Service status - Terms of Use