Back

Protect application services information transmitted over a public network from unauthorized modification.


CONTROL ID
12021
CONTROL TYPE
Technical Security
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Use strong data encryption to transmit in scope data or in scope information, as necessary., CC ID: 00564

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The cloud provider uses secure network protocols for the import and export of information as well as for the management of the service in order to ensure the integrity, confidentiality and availability of the transported data. (Section 5.10 PI-04 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Protect the confidentiality of SWIFT-related data transmitted and residing outside of the secure zone. (2.5A Control Objective, Swift Customer Security Controls Framework (CSCF), v2019)
  • Information involved in application services passing over public networks shall be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification. (A.14.1.2 Control, ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements, 2013)
  • Information involved in application services passing over public networks should be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification. (§ 14.1.2 Control, ISO/IEC 27002:2013(E), Information technology — Security techniques — Code of practice for information security controls, Second Edition)