
Design the random number generator to generate random numbers that are unpredictable.


CONTROL ID: 12255
CONTROL TYPE: Systems Design, Build, and Implementation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Implement a hardware security module, as necessary. (CC ID: 12222)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • If the device generates random numbers in connection with security over sensitive data, the random number generator has been assessed to ensure that it is generating sufficiently unpredictable numbers. (B9, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 2.0)
  • If random numbers are generated by the device in connection with security over sensitive data, the random number generator has been assessed to ensure that it is generating sufficiently unpredictable numbers. (B9, Payment Card Industry (PCI), PIN Transaction Security (PTS) Hardware Security Module (HSM) - Security Requirements, Version 3.0)
  • Verify that random numbers are created with proper entropy even when the application is under heavy load, or that the application degrades gracefully in such circumstances. (6.3.3, Application Security Verification Standard 4.0.3, 4.0.3)
  • Verify usage of cryptographically secure pseudo-random number generator on embedded device (e.g., using chip-provided random number generators). (C.23, Application Security Verification Standard 4.0.3, 4.0.3)