Data Location: Application
-
Data Retention
Observe applicable data retention policies upon project completion. Securely delete the information if possible. If you must retain a copy of information at this level, ensure that it remains secure.
-
Data minimization
Limit the storage and collection of data at this risk level to that which is necessary to accomplish the legitimate purpose for which it is collected.
-
Application inventory
Create and maintain an application inventory that includes assigned risk classification level, data volume, and users with access.
-
Data inventory
Create and maintain an information inventory that includes classification level, information owner, and users with access.
-
Multi-factor authentication on Servers and Applications
Utilize multi-factor authentication for remote interactive user and administrator logins.
-
Don’t reuse passwords
Do not reuse passwords for multiple services. Do not use your Kerberos password for non-Kerberos enabled systems.
-
Use strong passwords
Use strong passwords. Change authentication keys (e.g., passwords, certificates) regularly, at least annually.