Assign unique keys to each device
Summary
Each individual device must have unique cryptographic keys and certificates.
Description
A system that is using unique cryptographic keys applied to devices can prevent unauthorized devices from gaining access to a network or system. Without the proper keys and certificates, a device should not be able to establish a secure connection or participate in transactions.
References
- CWE-693. Protection mechanism failure
- CWE-1233. Improper hardware lock protection for security sensitive controls
- OWASP10-A5. Security misconfiguration
- SANS25-18. Use of hard-coded credentials
- PDPO-9A_66G. Powers exercisable in relation to premises and electronic devices
- CMMC-MP_L2-3_8_1. Media protection
- CMMC-MP_L2-3_8_2. Media access
- CMMC-SC_L2-3_13_10. Key management
- HITRUST-01_k. Equipment identification in networks
- HITRUST-01_x. Mobile computing and communications
- FEDRAMP-MP-2. Media access
- PTES-7_7. Post Exploitation - Persistence
- MVSP-2_8. Application design controls - Encryption
- OWASPSCP-6. Cryptographic practices
- NIST800171-5_1. Identify system users, processes acting on behalf of users, and devices
- C2M2-9_5_e. Implement data security for cybersecurity architecture
- PCI-3_6_1_1. Protect cryptographic keys used to protect stored account data
- SIGLITE-SL_31. Are clients provided with the ability to generate a unique encryption key?
- OWASPMASVS-CRYPTO-2. The app performs key management according to industry best practices
- CWE25-798. Use of hard-coded credentials
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.
Supported In
This requirement is verified in following services
Essential Plan
Advanced Plan