ASVS Requirement 11.2.2

• Level: 2
• Chapter: V11 Cryptography
• Section: V11.2 Secure Cryptography Implementation
• Source: 0x20-V11-Cryptography.md

Description

Verify that the application is designed with crypto agility such that random number, authenticated encryption, MAC, or hashing algorithms, key lengths, rounds, ciphers and modes can be reconfigured, upgraded, or swapped at any time, to protect against cryptographic breaks. Similarly, it must also be possible to replace keys and passwords and re-encrypt data. This will allow for seamless upgrades to post-quantum cryptography (PQC), once high-assurance implementations of approved PQC schemes or standards are widely available.