ASVS Requirement 14.1.2

• Level: 2
• Chapter: V14 Data Protection
• Section: V14.1 Data Protection Documentation
• Source: 0x23-V14-Data-Protection.md

Description

Verify that all sensitive data protection levels have a documented set of protection requirements. This must include (but not be limited to) requirements related to general encryption, integrity verification, retention, how the data is to be logged, access controls around sensitive data in logs, database-level encryption, privacy and privacy-enhancing technologies to be used, and other confidentiality requirements.