DM-07—Test Data Sanitization

>Control Description

Restricted data is redacted prior to use in a non-production environment.

Theme

Process

Type

Preventive

Policy/Standard

Secure Development Lifecycle Policy

>Implementation Guidance

1. Ensure that a process is defined, documented, and communicated for redacting or not using production data in test environments. 2. Ensure that sufficient tools and processes exists for creation of dummy test data for testing purposes.

>Testing Procedure

1. Inspect and validate whether a documented process is defined, and communicated for redacting or not using production data in test environments. 2. Validate for a sample, whether any production data is used in test environments. 3. Validate how test data is generated and used for testing.

>Audit Artifacts

E-VM-15

E-DM-10

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

Ask AI

Configure your API key to use AI features.

>Control Description

Theme

Type

Policy/Standard

>Implementation Guidance

>Testing Procedure

>Audit Artifacts

>Framework Mappings

ISO 27002:20221

PCI DSS2

BSI C51

Ask AI

ISO 27002:2022
1

PCI DSS
2

BSI C5
1