Protect application services information transmitted over a public network from unauthorized disclosure.


CONTROL ID
12020
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Use strong data encryption to transmit in scope data or in scope information, as necessary. (CC ID: 00564)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Verify that directory browsing is disabled unless deliberately desired. Additionally, applications should not allow discovery or disclosure of file or directory metadata, such as Thumbs.db, .DS_Store, .git or .svn folders. (4.3.2, Application Security Verification Standard 4.0.3, 4.0.3)
  • Information involved in application services passing over public networks shall be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification. (A.14.1.2 Control, ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements, 2013)
  • Information involved in application services passing over public networks should be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification. (§ 14.1.2 Control, ISO/IEC 27002:2013(E), Information technology — Security techniques — Code of practice for information security controls, Second Edition)