17.3.18 Prevention of information leakage or manipulation in transit

Users shall apply security controls when transmitting data of ‘confidential’ or higher classification to external parties.

  • Such data must be encrypted prior to transmission
  • Encrypted data and password should be transmitted separately, ideally via different mechanisms.
  • The use of multiple entity protection is encouraged.

Table of Contents