6.5.3 Insecure cryptographic storage

PCI DSS v3.2.1 Questions and Answers Forum Maintain a Vulnerability Management Program
1

6.5.3 Insecure cryptographic storage
6.5.3 Examine software-development policies and procedures and interview responsible personnel to verify that insecure cryptographic storage is addressed by coding techniques that:
• Prevent cryptographic flaws.
• Use strong cryptographic algorithms and keys.
Applications that do not utilize strong cryptographic functions properly to store data are at increased risk of being compromised, and exposing authentication credentials and/or cardholder data. If an attacker is able to exploit weak cryptographic processes, they may be able to gain clear-text access to encrypted data.