17.3.18 Prevention of information leakage or manipulation in transit
Users shall apply security controls when transmitting data of ‘confidential’ or higher classification to external parties.
- Such data must be encrypted prior to transmission
- Encrypted data and password should be transmitted separately, ideally via different mechanisms.
- The use of multiple entity protection is encouraged.