v9 Data protection verification requirements
- 9.1 Sensitive data does not get cached
- 9.2 Sensitive data is identified and access policy exists and is enforced
- 9.3 Sensitive data does not get sent in the URL
- 9.4 Temporary client caches of sensitive data are properly cleaned up
- 9.5 Temporary server caches of sensitive data are properly cleaned up
- 9.6 Sensitive data can be removed after required retention period
- 9.7 Minimal parameters are sent to untrusted systems
- 9.8 Abnormal behaviour is detectable
- 9.9 Client side storage does not contain secrets
- 9.10 Accessing sensitive data is logged
- 9.11 Sensitive data is rapidly sanitized from memory