2.4.7.15
Req No | Requirement | Compliance Class And Applicability | Primary Keyword | Secondary Keyword |
---|---|---|---|---|
2.4.7.15 | Where cryptographic suites are used such as TLS, all cipher suites shall be listed and validated against the current security recommendations such as NIST 800-131A [ref 2]1 or OWASP. Where insecure ciphers suites are identified they shall be removed from the product. | Mandatory for Class 1 and above | Business | Process |
Footnotes
-
NIST Special Publication 800-131A Revision 1 ”Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths” November 2015 ↩