364 – Provide extended validation (EV) certificates

Summary

Public applications with critical content should provide extended validation (EV) certificates.

Description

The use of Extended Validation (EV) certificates enhances the user experience by providing a clear and recognizable indication of a website's legitimacy. These certificates are a type of digital certificate used in the context of secure communication over the internet, providing a higher level of assurance to users and website visitors by undergoing a more rigorous validation process compared to standard SSL/TLS certificates.

Supported In

Advanced: True

References

• CWE-295. Improper certificate validation
• CWE-298. Improper validation of certificate expiration
• OWASP10-A7. Identification and authentication failures
• CMMC-AC_L1-3_1_22. Control public information
• HITRUST-09_z. Publicly available information
• HITRUST-10_c. Control of internal processing
• ISO27002-8_26. Application security requirements
• BSAFSS-EN_3-3. Software protects and validates encryption keys
• ISO27001-8_26. Application security requirements

Last updated

2024/01/18