Under active development Content is continuously updated and improved

DM-07Test Data Sanitization

>Control Description

Restricted data is redacted prior to use in a non-production environment.

Theme

Process

Type

Preventive

Policy/Standard

Secure Development Lifecycle Policy

>Implementation Guidance

1. Ensure that a process is defined, documented, and communicated for redacting or not using production data in test environments. 2. Ensure that sufficient tools and processes exists for creation of dummy test data for testing purposes.

>Testing Procedure

1. Inspect and validate whether a documented process is defined, and communicated for redacting or not using production data in test environments. 2. Validate for a sample, whether any production data is used in test environments. 3. Validate how test data is generated and used for testing.

>Audit Artifacts

E-VM-15
E-DM-10

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

Ask AI

Configure your API key to use AI features.