⭐ G14 Controlled Access
🏁 14-2 All communication of sensitive information over less-trusted networks
should be encrypted.
Whenever information flows over a network with a lower trust level
the information should be encrypted.
🏁 14-4 All information stored on systems shall be protected with
file system
network share
claims
application
or database specific access control lists.
These controls will enforce the principal that
only authorized individuals should have access to the information
🏁 14-7 Archived data sets or systems not regularly accessed by the organization
shall be removed from the organization's network.
These systems shall only be used as stand alone systems (disconnected from the network)
by the business unit needing to occasionally use the system
or completely virtualized
and powered off until needed.
based on their need to access the information
as a part of their responsibilities.