Kingdom: Security Features
Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
Compliance Failure: Missing Privacy Policy
Abstract
The application fails to clearly state the policy to protect user information.
Explanation
Compliance with various privacy laws requires web sites to place a publicly accessible policy statement detailing how the site collects and handles user information. Any standard web application privacy policy should include the following components:
- A description of the intended purpose for collecting the data.
- A description of the use of the data.
- Methods for limiting the use and disclosure of the information.
- A list of the types of third parties to whom the information might be disclosed.
- Contact information for inquiries and complaints.
Absence of a publicly accessible privacy policy document is in violation of various privacy laws.
References
[1] Standards Mapping - General Data Protection Regulation (GDPR) Privacy Violation
[2] Standards Mapping - NIST Special Publication 800-53 Revision 4 TR-1 Privacy Notice
[3] Standards Mapping - NIST Special Publication 800-53 Revision 5 PT-5 Privacy Notice
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[5] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4
[10] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[11] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection