Skip to main content

2.4.7.15

Req NoRequirementCompliance Class And ApplicabilityPrimary KeywordSecondary Keyword
2.4.7.15Where cryptographic suites are used such as TLS, all cipher suites shall be listed and validated against the current security recommendations such as NIST 800-131A [ref 2]1 or OWASP. Where insecure ciphers suites are identified they shall be removed from the product.Mandatory for Class 1 and aboveBusinessProcess

Footnotes

  1. NIST Special Publication 800-131A Revision 1 ”Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths” November 2015