1. US National Institute of Standards and Technology (NIST)
1.1. NIST Special Publication 800-163 Revision 1
1.1.1. 2.2 Organization-Specific Requirements Digital Signature
1.2. NIST Special Publication 800-190
1.2.1. 4.1.4 Embedded clear text secrets
2. Open Web Application Security Project (OWASP)
2.1. Mobile Application Security Verification Standard (MASVS)
2.1.1. 3.1 MSTG-CRYPTO-1
2.1.2. 3.2 MSTG-CRYPTO-2
2.1.3. 3.3 MSTG-CRYPTO-3
2.1.4. 3.4 MSTG-CRYPTO-4
2.1.5. 3.5 MSTG-CRYPTO-5
2.1.6. 3.6 MSTG-CRYPTO-6
2.1.7. 5.2 MSTG-NETWORK-2
2.1.8. 7.1 MSTG-CODE-1
2.2. Application Security Verification Standard 4.0.3 (ASVS)
2.2.1. V1.6 Cryptographic Architecture
2.2.2. V2.8 One Time Verifier
2.2.3. V2.9 Cryptographic Verifier
2.2.4. V3.2 Session Binding
2.2.5. V6.2 Algorithms
2.2.6. V6.3 Random Values
2.2.7. V6.4 Secret Management
2.2.8. V8.3 Sensitive Private Data
2.2.9. V9.1 Client Communication Security
2.2.10. V9.2 Server Communication Security
3. APPLE
3.1. Developer Security
3.1.1. Secure Data Preventing Insecure Network Connections Overview
3.1.2. Cryptography Complying with Encryption Export Regulations Overview
3.1.3. Cryptography Complying with Encryption Export Regulations Declare Your App’s Use of Encryption
3.1.4. Cryptography Complying with Encryption Export Regulations Provide Compliance Documentation
3.1.5. Cryptography Certificate, Key, and Trust Services Overview
3.1.6. Cryptography Cryptographic Message Syntax Services Overview
3.1.7. Cryptography Randomization Services Overview
3.1.8. Cryptography Security Transforms Overview
3.1.9. Cryptography Security Transforms Overview
3.1.10. Legacy Interfaces Secure Transport Overview
4. UK National Cyber Security Centre (NCSC)
4.1. Application development Recommendations
4.1.1. Secure data handling Cryptography
5. GOOGLE
5.1. Core app quality
5.1.1. SC-N1
5.1.2. SC-C1
6. National Information Assurance Partnership (NIAP)
6.1. Requirements for Vetting Mobile Apps from the Protection Profile for Application Software
6.1.1. Random Bit Generation Services FCS_RBG_EXT.1.1
6.1.2. Random Bit Generation from Application FCS_RBG_EXT.2.1
6.1.3. Random Bit Generation from Application FCS_RBG_EXT.2.2
6.1.4. Cryptographic Key Generation Services FCS_CKM_EXT.1.1
6.1.5. Cryptographic Asymmetric Key Generation FCS_CKM.1.1(1)
6.1.6. Cryptographic Key Establishment FCS_CKM.2.1
6.1.7. Cryptographic Operation - Encryption/Decryption FCS_COP.1.1(1)
6.1.8. Cryptographic Operation - Hashing FCS_COP.1.1(2)
6.1.9. Cryptographic Operation - Signing FCS_COP.1.1(3)
6.1.10. Cryptographic Operation - Keyed-Hash Message Authentication FCS_COP.1.1(4)
6.1.11. HTTPS Protocol FCS_HTTPS_EXT.1.2
6.1.12. X.509 Certificate Validation FIA_X509_EXT.1.1
6.1.13. X.509 Certificate Validation FIA_X509_EXT.1.2
6.1.14. X.509 Certificate Authentication FIA_X509_EXT.2.1
6.1.15. X.509 Certificate Authentication FIA_X509_EXT.2.2
6.1.16. Cryptographic Symmetric Key Generation FCS_CKM.1.1(2)
7. Department for Digital, Culture, Media & Sport (DCMS)
7.1. Code of practice for app store operators and app developers
7.1.1. 2. Ensure apps adhere to baseline security and privacy requirements
8. European Telecommunications Standards Institute (ETSI)
8.1. ETSI TS 103 732
8.1.1. 8.1.1 Cryptographic Support (FCS) FCS_COP.1_User_Data_Assets Cryptographic operation
8.1.2. 8.1.1 Cryptographic Support (FCS) FCS_CKM.4 Cryptographic key destruction
9. ioXt Alliance
9.1. Mobile Application Profile
9.1.1. 4.3. Proven Cryptography PC1
9.1.2. 4.3. Proven Cryptography PC2
9.1.3. 4.3. Proven Cryptography PC103
9.1.4. 4.5. Verified Software VS3
9.1.5. 4.7. Secured Interfaces SI101
9.1.6. 4.7. Secured Interfaces SI104