CoP 4: Securely store credentials and security-sensitive data

Any credentials shall be stored securely within services and on devices. Hard-coded credentials in device software are not acceptable.

Reverse engineering of devices and applications can easily discover credentials such as hard-coded usernames and passwords in software. Simple obfuscation methods also used to obscure or encrypt this hard-coded information can be trivially broken. Security-sensitive data that should be stored securely includes, for example, cryptographic keys, device identifiers and initialisation vectors. Secure, trusted storage mechanisms should be used such as those provided by a Trusted Execution Environment and associated trusted, secure storage.

Primarily applies to: Device Manufacturers, IoT Service Providers, Mobile Application Developers
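An added example, not part of the Code of Practice or of this mapping: a pre-release audit check a manufacturer could run over its own firmware image, showing that a hard-coded credential is found just as readily when it is hidden with simple obfuscation. The key-name heuristic, the single-byte XOR model of "simple obfuscation" and the sample image are assumptions constructed for illustration.

```python
import re

# Constructed sample image: every value below is made up for this example.
PLAIN = b"\x00\x01admin_password=Sup3rS3cret!\x00\xff"
OBFUSCATED = bytes(b ^ 0x5A for b in b"mqtt_password=hunter2-device\x00")
SAMPLE_IMAGE = b"\x7fELF" + bytes(64) + PLAIN + bytes(range(200, 232)) + OBFUSCATED

# Assumed heuristic: a credential-like key name, '=' or ':', then a printable value.
CRED_RE = re.compile(
    rb"(?P<name>[A-Za-z0-9_.-]{0,24}(?:password|passwd|secret|api_key|token))"
    rb"\s*[=:]\s*(?P<value>[\x21-\x7e]{4,64})",
    re.IGNORECASE,
)

def find_hardcoded_credentials(image: bytes):
    """Scan an image as-is (key 0) and under every single-byte XOR key.

    Returns sorted (xor_key, offset, key_name, value_length) tuples. The value
    itself is never returned, so the audit report does not leak the secret.
    """
    findings = set()
    for key in range(256):
        # XOR the whole image with `key` via a 256-entry translation table.
        decoded = image.translate(bytes(b ^ key for b in range(256)))
        for m in CRED_RE.finditer(decoded):
            name = m.group("name").decode("ascii")
            findings.add((key, m.start(), name, len(m.group("value"))))
    return sorted(findings)

if __name__ == "__main__":
    for key, offset, name, length in find_hardcoded_credentials(SAMPLE_IMAGE):
        how = "plaintext" if key == 0 else f"XOR 0x{key:02x}"
        print(f"offset {offset}: {name} ({length}-char value, {how})")
```

Any finding is a release blocker under this guideline; the remedy is to provision the secret per device into trusted, secure storage rather than to choose a stronger obfuscation.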
