147 – Use pre-existent mechanisms

Summary

The systems cryptographic functions must be implemented with pre-existing and up-to-date cryptographic mechanisms.

Description

The systems cryptographic functions are essential for maintaining the confidentiality and integrity of transactions and communications. Therefore, these functions must be based on pre-existent, tested, approved and secure mechanisms.

Supported In

Essential: True

Advanced: True

References

• CAPEC-20. Encryption brute forcing
• CIS-3_6. Encrypt data on end-user devices
• CIS-16_11. Leverage vetted modules or services for application security components
• CWE-326. Inadequate encryption strength
• CWE-327. Use of a broken or risky cryptographic algorithm
• HIPAA-164_312_a_2_iv. Encryption and decryption (addressable)
• NIST80053-IA-7. Cryptographic module authentication
• OWASP10-A4. Insecure design
• NYDFS-500_15. Encryption of nonpublic information
• CMMC-AC_L1-3_1_2. Transaction & function control
• CMMC-AC_L2-3_1_13. Remote access confidentiality
• CMMC-SC_L1-3_13_1. Boundary protection
• CMMC-SC_L2-3_13_8. Data in transit
• CMMC-SC_L2-3_13_15. Communications authenticity
• HITRUST-06_f. Regulation of cryptographic controls
• HITRUST-09_m. Network controls
• HITRUST-09_s. Information exchange policies and procedures
• HITRUST-09_y. On-line transactions
• HITRUST-10_d. Message integrity
• HITRUST-10_f. Policy on the use of cryptographic controls
• FEDRAMP-CM-3_6. Baseline configuration - Cryptography management
• FEDRAMP-SC-8_1. Cryptographic or alternate physical protection
• IEC62443-SI-3_1. Communication integrity
• OSSTMM3-10_7_2. Telecommunications security (controls verification) - Confidentiality
• OSSTMM3-11_7_2. Data networks security (controls verification) - Confidentiality
• NISTSSDF-PS_1_1. Protect all forms of code from unauthorized access and tampering
• PTES-4_5_3. Threat capability analysis - Communication mechanisms
• MVSP-2_8. Application design controls - Encryption
• BSAFSS-EN_2-5. Avoid weak encryption
• NIST800171-1_13. Employ cryptographic mechanisms to protect the confidentiality of remote access sessions
• ASVS-1_9_1. Communications architecture
• ASVS-6_2_2. Algorithms
• ASVS-8_3_7. Sensitive private data
• C2M2-9_5_d. Implement data security for cybersecurity architecture
• PCI-9_4_3. Media is secured and tracked when transported
• ASVS-2_8_3. One time verifier
• CASA-1_9_1. Communications Architecture
• CASA-6_2_2. Algorithms
• FISMA-IA-7. Cryptographic module authentication

Weaknesses

• 411 – Insecure encryption algorithm - Default encryption

Last updated

2024/01/12