ISO/IEC 27000 Data Masking, v2022

Specifies requirements related to data masking, in accordance with the security and privacy controls specified by ISO/IEC Publication 27001:2022.

Assessment Step

1. Data Masking (DataMasking)
Is data masking used in accordance with the organization's topic-specific policy on access control, related topic-specific policies, business requirements, and applicable legislation?
Artifact A1: Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports) and supporting notes as appropriate to support the assessor's response to this assessment step.

Conformance Criteria (1)

Data Masking
Data masking shall be used in accordance with the organization's topic-specific policy on access control and other related topic-specific policies, and business requirements, taking applicable legislation into consideration.
Citations
27001: Annex A, Control 8.11
27002: Section 8.11