1.5 – Verify Secure Storage of Sensitive Data
Requirement Description
Verify that all sensitive data, private keys, and certificates are stored securely within the DUT, using one or more of the following mechanisms:
Secure Element (SE)
Trusted Platform Module (TPM)
Trusted Execution Environment (TEE)
Strong cryptography with secure storage policies
This ensures protection against unauthorized access, tampering, or extraction.
DUT Confirmation Details
OEM Statement: (Insert vendor confirmation on storage mechanisms used for sensitive data, keys, and certificates.)
Observed State: (Insert findings after verification.)
DUT Software Details
Software Name/Version: ___________________
Build Date: ___________________
Build Number: ___________________
Hash Checksum Verification for DUT’s Software Image
Algorithm Used: SHA-256 (or other approved algorithm)
Expected Hash: ___________________
Calculated Hash: ___________________
Result: Pass / Fail
DUT Configuration
(Insert configuration commands, file paths, or security settings used to verify secure storage implementation.) Example:
tpm2_getcap handles-persistent
cat /etc/security/storage.conf
openssl x509 -in cert.pem -noout -text
Pre-Conditions
The vendor shall provide the following:
List of all keys and certificates used in the device ecosystem.
List of all sensitive data with their intended usage and the secure storage mechanisms implemented, including any secure configurations required.
Key Management Life Cycle documentation, including:
Purpose of each key and certificate
Generation process
Storage method and protection level
Destruction/zeroization procedure
Validity period
Key changeover/rotation process
Test Plan
Total Number of Test Cases: 3
Planned Test Cases:
BIS-1.5.1: Verification of secure storage mechanism via OEM documentation and system inspection.
BIS-1.5.2: Verification through code review to ensure correct implementation of secure storage APIs.
BIS-1.5.3: Runtime verification and functional testing of secure storage operations (e.g., key retrieval, encryption/decryption within secure environment).
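As a supporting check for the system-inspection part of BIS-1.5.1, the script below scans an unpacked copy of the DUT filesystem for PEM private keys stored without encryption. It is an added example, not part of the original test template; the function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag private keys stored unencrypted in an unpacked DUT rootfs.

# Print the number of unencrypted PEM private-key blocks in file $1.
count_plain_keys() {
    awk '
        /-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----/ { inblk = 1; enc = 0; next }
        inblk && /^Proc-Type: 4,ENCRYPTED/            { enc = 1 }
        /-----END .*PRIVATE KEY-----/ { if (inblk && !enc) plain++; inblk = 0 }
        END { print plain + 0 }
    ' "$1"
}

# Print "PLAINTEXT <count> <path>" per offending file; return 1 if any found.
scan_rootfs() {
    findings=$(find "$1" -type f -exec grep -l -e '-----BEGIN' {} + |
        while IFS= read -r f; do
            n=$(count_plain_keys "$f")
            if [ "$n" -gt 0 ]; then echo "PLAINTEXT $n $f"; fi
        done | sort)
    if [ -n "$findings" ]; then echo "$findings"; return 1; fi
    return 0
}

# Build a constructed sample tree (key bodies are placeholders, not real keys).
make_sample_rootfs() {
    mkdir -p "$1/etc/ssl"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/etc/ssl/device.key"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/etc/ssl/wrapped.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' \
        'Q09OU1RSVUNURUQ=' '-----END RSA PRIVATE KEY-----' > "$1/etc/ssl/legacy.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/etc/ssl/cert.pem"
}

# Optional: pass the path of an unpacked rootfs as the first argument.
if [ -n "${1:-}" ]; then scan_rootfs "$1" || exit 1; fi
```

An empty result only shows that no unencrypted PEM key was found in the scanned tree. An encrypted PEM file still needs its passphrase or wrapping key traced back to the SE, TPM, or TEE named in the OEM statement.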
Test-bed Diagram with Interfaces and IPs
(Attach diagram showing DUT, secure storage module, test system, and relevant debug/network connections used during testing.)