πΌ 53 Wholesale access to sensitive data (e.g. contents of customer databases or intellectual property that can be exploited for personal gain) would be highly restricted to reduce the risk exposure to significant data leakage events. Industry experience of actual data leakage incidents include the unauthorised extraction of debit/credit card details, theft of personally identifiable information, loss of unencrypted backup media and the sale/trade or exploitation of customer identity data.
- Contextual name: πΌ 53 Wholesale access to sensitive data (e.g. contents of customer databases or intellectual property that can be exploited for personal gain) would be highly restricted to reduce the risk exposure to significant data leakage events. Industry experience of actual data leakage incidents include the unauthorised extraction of debit/credit card details, theft of personally identifiable information, loss of unencrypted backup media and the sale/trade or exploitation of customer identity data.
- ID:
/frameworks/apra-cpg-234/20/53 - Located in: πΌ 20 Implementation of controls - Data leakage
Descriptionβ
Empty...
Similarβ
- Internal
- ID:
dec-c-0b43da79
- ID:
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (10)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS EC2 Security Group allows unrestricted traffic to MongoDB π’ | 1 | π’ x6 |
| π AWS EC2 Security Group allows unrestricted traffic to Oracle DBMS π’ | 1 | π’ x6 |
| π AWS RDS Instance is publicly accessible and in an unrestricted public subnet π’ | 1 | π’ x6 |
| π AWS S3 Bucket is not configured to block public access π’ | 1 | π’ x6 |
| π Azure Cosmos DB Account Virtual Network Filter is not enabled π’ | 1 | π’ x6 |
| π Azure Managed Disk Public Network Access is not disabled π’ | 1 | π’ x6 |
| π Azure SQL Database allows ingress from 0.0.0.0/0 (ANY IP) π’ | 1 | π’ x6 |
| π Azure SQL Server Public Network Access is not disabled π’ | 1 | π’ x6 |
| π Azure Storage Account Allow Blob Anonymous Access is set enabled π’ | 1 | π’ x6 |
| π Azure Storage Account Default Network Access Rule is not set to Deny π’ | 1 | π’ x6 |
Internal Rulesβ
| Rule | Policies | Flags |
|---|---|---|
| βοΈ dec-x-4f30f24e | 1 | |
| βοΈ dec-x-46a83a30 | 1 | |
| βοΈ dec-x-0289e9c9 | 1 | |
| βοΈ dec-x-083928f5 | 1 | |
| βοΈ dec-x-63737248 | 1 | |
| βοΈ dec-x-b17c005c | 1 | |
| βοΈ dec-x-d127f407 | 1 | |
| βοΈ dec-x-ec547a7c | 1 | |
| βοΈ dec-x-f937c35f | 1 | |
| βοΈ dec-z-c82c9f97 | 1 |