ASVS Requirement 14.1.1

• Level: 2
• Chapter: V14 Data Protection
• Section: V14.1 Data Protection Documentation
• Source: 0x23-V14-Data-Protection.md

Description

Verify that all sensitive data created and processed by the application has been identified and classified into protection levels. This includes data that is only encoded and therefore easily decoded, such as Base64 strings or the plaintext payload inside a JWT. Protection levels need to take into account any data protection and privacy regulations and standards which the application is required to comply with.