Cryptographic keying material
Identifies cryptographic keying material patterns in security and access control contexts. Detects potential exposure of sensitive security information in Australian systems.
- Type: regex
- Engine: boost_regex
- Confidence: low
- Confidence justification: Low confidence marker: phrase-based artifact detection to bootstrap line-by-line coverage. Requires corroborative evidence and later hardening to high-confidence structural patterns.
- Detection quality: Mixed
- Jurisdictions: global
- Regulations: Criminal Code Act 1995 (Cth), NDB Scheme (Cth), SOCI Act 2018 (Cth), TIA Act 1979 (Cth)
- Frameworks: CIS Controls, DISP, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories: credentials, government-id, pii, security
- Scope: wide
- Platform compatibility: Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Compatible
Pattern
\bcryptographic\s+keying\s+material\b
Corroborative evidence keywords
cryptographic keying material, cryptographic, keying, material, defense, intelligence, government, agency, department, ministry, public sector, civil service, welfare, social services, public administration, statutory authority, regulatory body, public servant, government program, public benefit (+1 more)
Proximity: 300 characters
Should match
- Cryptographic keying material — Exact phrase marker match
- cryptographic keying material — Case-insensitive phrase match
- Cryptographic keying material — Normalized whitespace phrase
Should not match
- unrelated generic text — No relevant phrase context
- placeholder value 12345 — Random text should not match phrase marker
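The pattern and the 300-character proximity rule, as an added example in Python's `re` rather than boost_regex (this is not the pattern library's own code). Case-insensitive matching, the shape of the proximity window and the `scan` helper are assumptions; the keyword list is a subset of the page's list with the phrase and its own three words left out, since those would corroborate every match by themselves.

```python
import re

# Pattern from the page. IGNORECASE is an assumption, taken from the
# "Case-insensitive phrase match" test case; the page shows no flag.
PATTERN = re.compile(r"\bcryptographic\s+keying\s+material\b", re.IGNORECASE)

# Subset of the page's corroborative keywords. The page's list also contains
# the phrase itself and its three words; those are left out here so that
# corroboration has to come from the surrounding text.
KEYWORDS = ["defense", "intelligence", "government", "agency", "department",
            "ministry", "public sector", "civil service", "statutory authority",
            "regulatory body", "public servant"]
KEYWORD_RE = re.compile(r"\b(?:" + "|".join(map(re.escape, KEYWORDS)) + r")\b",
                        re.IGNORECASE)
PROXIMITY = 300  # characters, from the page


def scan(text):
    """Return one finding per phrase match, with its corroborating keywords."""
    findings = []
    for m in PATTERN.finditer(text):
        # Assumption: the window extends PROXIMITY characters before the
        # match start and after the match end, excluding the match itself.
        before = text[max(0, m.start() - PROXIMITY):m.start()]
        after = text[m.end():m.end() + PROXIMITY]
        hits = sorted({k.group(0).lower()
                       for part in (before, after)
                       for k in KEYWORD_RE.finditer(part)})
        findings.append({"match": m.group(0), "offset": m.start(),
                         "keywords": hits, "corroborated": bool(hits)})
    return findings


# Constructed sample inputs (not from the page).
SAMPLES = {
    "corroborated": "The department must store cryptographic  keying\nmaterial "
                    "in an approved container.",
    "bare_phrase": "Cryptographic keying material",
    "too_far": "Ministry memo. " + "x" * 400 + " cryptographic keying material",
    "no_phrase": "placeholder value 12345",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, scan(text))
```

A bare phrase with no nearby keyword is reported with `corroborated` set to false, so a caller can treat it as a low-confidence hit instead of dropping it.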
Known false positives
- Authentication-related terminology in software documentation, security training materials, or system architecture descriptions without actual credentials. Mitigation: Require proximity to credential-specific patterns (API keys, connection strings, tokens) rather than general security terminology.
- Code snippets and configuration examples containing credential-related keywords or placeholder values in developer documentation. Mitigation: Check for common placeholder patterns (example.com, localhost, 0000) and documentation file types to reduce false positives from technical writing.
References
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism
- https://www.protectivesecurity.gov.au/