You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create a new risk for "Cryptographic Keys Not Properly Protected on Export (MASVS-CRYPTO-2)" using the following information:
Before exporting, keys should be "wrapped" or encrypted with another key. This process ensures that the cryptographic key is protected during and after export. This is true even if the key is sent over a secure channel.
Create "risks/MASVS-CRYPTO/2-***-****/crypto-keys-not-protected-export/risk.md" including the following content:
---
title: Cryptographic Keys Not Properly Protected on Exportalias: crypto-keys-not-protected-exportplatform: [android, ios]profiles: [L2]mappings:
masvs-v2: [MASVS-CRYPTO-2, MASVS-STORAGE-1, MASVS-NETWORK-1]mastg-v1: []
---
## Overview## Impact## Modes of Introduction## Mitigations
When creating the corresponding tests, use the following areas to guide you:
key wrapping (NIST.SP.800-175Br1 5.3.5)
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Acceptance Criteria
The risk has been created in the correct directory (risks/MASVS-CRYPTO/2-***-****/crypto-keys-not-protected-export/risk.md)
Description
Create a new risk for "Cryptographic Keys Not Properly Protected on Export (MASVS-CRYPTO-2)" using the following information:
Before exporting, keys should be "wrapped" or encrypted with another key. This process ensures that the cryptographic key is protected during and after export. This is true even if the key is sent over a secure channel.
Create "
risks/MASVS-CRYPTO/2-***-****/crypto-keys-not-protected-export/risk.md
" including the following content:To complete the sections follow the guidelines from Writing MASTG Risks & Tests
Use at least the following references:
When creating the corresponding tests, use the following areas to guide you:
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Acceptance Criteria
risks/MASVS-CRYPTO/2-***-****/crypto-keys-not-protected-export/risk.md
)The text was updated successfully, but these errors were encountered: