
Protect application services information transmitted over a public network from fraudulent activity.


CONTROL ID: 12018
CONTROL TYPE: Technical Security
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID: 00564

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Information involved in application services passing over public networks shall be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification. (A.14.1.2 Control, ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements, 2013)
  • Information involved in application services passing over public networks should be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification. (§ 14.1.2 Control, ISO/IEC 27002:2013(E), Information technology — Security techniques — Code of practice for information security controls, Second Edition)
  • Reputation risk mitigation: Review whether management includes the use of controls to minimize or prevent disclosure of personal information and the potential for fraudulent transactions. Also, review management's mitigation of risks associated with the use of a third party, if applicable. (AppE.7 Objective 5:4 d., FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)