Technical Guidance

This is a collection of external resources for implementing security controls in compliance with data protection and privacy laws.

Technical Security Controls:

Access Control

Implement least privilege, restrict users to only the functionality, data and system information that is required to perform their tasks.

• OWASP Access Control Cheat Sheet

Data Integrity

Data records must be protected from unauthorized modification to ensure data quality and integrity.

Data Protection

Data records, especially sensitive data, must be protected from unauthorized access.

• OWASP Cryptographic Storage Cheat Sheet

Code Security

• OWASP Secure Coding Practices Quick Reference Guide

Mobile App Security

• OWASP Mobile App Security Checklist
• OWASP Mobile Security Testing Guide (MSTG)
• OWASP Mobile Application Security Verification Standard
• Apple Security Development Checklists

Healthcare Industry Security

• FDA's guidance on cybersecurity for medical devices
• HIPAA Guidance Materials at U.S. Department of Health & Human Services website

Privacy Compliance:

Data Protection Impact Assessment (DPIA)

• Data Protection Impact Assessment Template, as recommended by the UK Information Commissioner’s Office

Privacy and Anonymity

• OWASP User Privacy Protection Cheat Sheet