With V5 nearly ready, it was time we addressed the cryptography section so that it is more in line with modern cryptographic approaches, covering usability and security, and addressing future concerns pertaining to Post-Quantum Cryptography.
Within the new chapter, we've added a number of sections, namely:
V6.1 Data Classification and Cryptographic Inventory
V6.2 General Requirements for Cryptographic Algorithms
V6.3 Cipher Algorithms
V6.3a Hashing and Hash-based Functions
V6.4 Random Values
V6.5 Secret Management
V6.6 Key Exchange Mechanisms
V6.7 In-Use Data Cryptography
V6.8 Post-Quantum Cryptography (PQC)
The main objective of this rewrite is to help everyone on the journey to solid cryptography management. Those implementing cryptography in their apps MUST use strong cryptography, understand the techniques used, and maintain an inventory of their use cases, algorithms and keys, including obsolete assets, to address and mitigate risks derived from weak cryptography.
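As an added illustration of the inventory requirement above (example code written for this note, not ASVS's own tooling), the following sketch models a cryptographic inventory that keeps retired assets on record and flags the risks a reviewer would want surfaced: obsolete algorithms, undersized keys, stale keys, and quantum-vulnerable primitives that need a migration plan. The classification tables, thresholds and sample assets are assumptions constructed for the example, not the requirement list of V6.

```python
"""Minimal cryptographic inventory with risk flagging.

Added example, not part of ASVS or its tooling. The classification tables
below are illustrative assumptions, not the V6 requirement list.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from typing import Optional

# Illustrative classification (assumption): algorithms no longer acceptable.
OBSOLETE_ALGORITHMS = {"MD5", "SHA-1", "DES", "3DES", "RC4"}
# Illustrative minimum key sizes in bits per algorithm family (assumption).
MIN_KEY_BITS = {"RSA": 2048, "AES": 128, "ECDSA": 256, "ECDH": 256, "HMAC-SHA256": 256}
# Families based on factoring / discrete logarithms, i.e. candidates for
# post-quantum migration planning (assumption for the example).
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "DH"}


@dataclass
class CryptoAsset:
    use_case: str                     # e.g. "session token signing"
    algorithm: str                    # algorithm family, e.g. "RSA"
    key_bits: Optional[int]           # None for keyless primitives such as hashes
    owner: str
    in_use: bool = True               # False keeps obsolete assets in the inventory
    rotated_on: Optional[date] = None # last rotation date, if tracked


def assess(asset: CryptoAsset, today: date, max_key_age_days: int = 365) -> list[str]:
    """Return the list of findings for one inventory entry (empty if none)."""
    findings: list[str] = []
    if asset.algorithm in OBSOLETE_ALGORITHMS:
        findings.append("obsolete algorithm")
    minimum = MIN_KEY_BITS.get(asset.algorithm)
    if minimum is not None and asset.key_bits is not None and asset.key_bits < minimum:
        findings.append(f"key size {asset.key_bits} below minimum {minimum}")
    if asset.in_use and asset.algorithm in QUANTUM_VULNERABLE:
        findings.append("quantum-vulnerable: needs PQC migration plan")
    if asset.in_use and asset.rotated_on is not None:
        if (today - asset.rotated_on).days > max_key_age_days:
            findings.append("key older than rotation policy")
    if not asset.in_use:
        # Retired entries stay in the inventory so that leftover key material
        # and dependent systems can still be tracked down.
        findings.append("retired asset: confirm key material is destroyed")
    return findings


def inventory_report(assets: list[CryptoAsset], today: date) -> dict[str, list[str]]:
    """Map each use case to its findings so the report can be reviewed or diffed."""
    return {asset.use_case: assess(asset, today) for asset in assets}


# Constructed sample inventory for demonstration (not real assets).
SAMPLE_ASSETS = [
    CryptoAsset("password hashing", "MD5", None, "auth-team"),
    CryptoAsset("TLS server key", "RSA", 2048, "platform", rotated_on=date(2024, 6, 1)),
    CryptoAsset("legacy backup encryption", "3DES", 168, "ops", in_use=False,
                rotated_on=date(2019, 1, 1)),
    CryptoAsset("API token signing", "HMAC-SHA256", 128, "api", rotated_on=date(2023, 1, 1)),
]
SAMPLE_TODAY = date(2025, 1, 15)


if __name__ == "__main__":
    for use_case, findings in inventory_report(SAMPLE_ASSETS, SAMPLE_TODAY).items():
        status = "; ".join(findings) if findings else "ok"
        print(f"{use_case}: {status}")
```

Running the script prints one line per use case; the point of keeping `in_use=False` entries is that a retired 3DES key is still a risk until its material is confirmed destroyed, which is why the inventory must include obsolete assets rather than just the current ones.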
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
The terms used are taken from NIST SP 800-57 Part 1.
https://github.com/OWASP/ASVS/pull/2212