Closed scradster closed 3 years ago
Great catch! We will remove 2.2.1 and modify 2.3.1 with the following:
Verify that sensitive information such as personal identifiable information (PII) and user account credentials are stored securely using strong encryption to protect from data leakage and integrity checking to protect against unauthorized modification.
@scradster would you mind submitting a pull request for this? Removing 2.2.1 and modifying 2.3.1. Thanks!
https://github.com/OWASP/IoT-Security-Verification-Standard-ISVS/blame/4582968e2b0323a02cfba36b9d32584d4eb0489a/en/V2-User_Space_Application_Requirements.md#L31
https://github.com/OWASP/IoT-Security-Verification-Standard-ISVS/blame/4582968e2b0323a02cfba36b9d32584d4eb0489a/en/V2-User_Space_Application_Requirements.md#L42
Both require almost the same thing (2.3.1 is missing API keys as an example).
Would suggest removing 2.2.1 and adding API keys to 2.3.1, since this requirement fits Data Protection better than Authorization.