Documentation - V-222423

V-222423

Application Security and Development Security Technical Implementation Guide

CAT II

Title

Application data protection requirements must be identified and documented.

Description

<VulnDiscussion>Failure to protect organizational information from data mining may result in a compromise of information. In order to assign the appropriate data protections, application data must be identified and then protection requirements assigned. Access to sensitive data and sensitive data objects should be restricted to those authorized to access the data. Examples of sensitive data include but are not limited to; Social Security Numbers, Personally Identifiable Information, or any othe...

Fix Text (Documentation Requirement)

Identify and document the application data elements and the data protection requirements.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel