Let's reword this to create a selection which levies considerable additional requirements for applications which store secrets themselves.
Motivating vendor comment:
"Many applications store credentials in a hashed format within a database. For example, a .NET server application utilizing an MS-SQL database. It would appear this does not qualify as a "recommended" mechanism provided by the operating system vendor. It certainly is not in alignment with the Assurance Activity which applies to users interacting with computers, web sites, etc.
In addition, some crypto-oriented applications utilize an HSM or Lockbox for storing private keys or password secrets."