ASVS Requirement 11.1.1
- Level: 2
- Chapter: V11 Cryptography
- Section: V11.1 Cryptographic Inventory and Documentation
- Source: 0x20-V11-Cryptography.md

Description

Verify that there is a documented policy for management of cryptographic keys and a cryptographic key lifecycle that follows a key management standard such as NIST SP 800-57. This should include ensuring that keys are not overshared (for example, with more than two entities for shared secrets and more than one entity for private keys).