351 – Assign unique keys to each device

Summary

Each individual device must have unique cryptographic keys and certificates.

Description

A system that is using unique cryptographic keys applied to devices can prevent unauthorized devices from gaining access to a network or system. Without the proper keys and certificates, a device should not be able to establish a secure connection or participate in transactions.

Supported In

Advanced: True

References

• CWE-693. Protection mechanism failure
• CWE-1233. Improper hardware lock protection for security sensitive controls
• OWASP10-A5. Security misconfiguration
• SANS25-18. Use of hard-coded credentials
• PDPO-9A_66G. Powers exercisable in relation to premises and electronic devices
• CMMC-MP_L2-3_8_1. Media protection
• CMMC-MP_L2-3_8_2. Media access
• CMMC-SC_L2-3_13_10. Key management
• HITRUST-01_k. Equipment identification in networks
• HITRUST-01_x. Mobile computing and communications
• FEDRAMP-MP-2. Media access
• PTES-7_7. Post Exploitation - Persistence
• MVSP-2_8. Application design controls - Encryption
• OWASPSCP-6. Cryptographic practices
• NIST800171-5_1. Identify system users, processes acting on behalf of users, and devices
• C2M2-9_5_e. Implement data security for cybersecurity architecture
• PCI-3_6_1_1. Protect cryptographic keys used to protect stored account data
• SIGLITE-SL_31. Are clients provided with the ability to generate a unique encryption key?
• OWASPMASVS-CRYPTO-2. The app performs key management according to industry best practices
• CWE25-798. Use of hard-coded credentials

Last updated

2024/02/05