SID-DATA-08 — Server-Side Data Cache Protection
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Data Protection Controls |
Description
Sensitive data (credentials, PII, session tokens) must not be retained in intermediate caches.
- (1) HTTP Cache-Control: no-store on all API responses containing sensitive data.
- (2) No sensitive data cached in application-level caches (Redis, in-memory) beyond operational necessity.
- (3) Temporary copies purged immediately after use.
- (4) Request parameter minimisation: sensitive data is sent in the HTTP body, not in query strings.
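The following is an added illustration of points (1), (3) and (4) in Go, the language of both listed components; it is example code written for this entry, not code from the Wallet Backend or FaceTec API. The middleware names (NoStore, RejectSensitiveQuery, Wipe), the set of parameter names treated as sensitive and the /login route are all assumptions made for the demo.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical parameter names treated as sensitive for the demo (not from the control text).
var sensitiveParams = map[string]bool{
	"password": true, "token": true, "session": true, "otp": true,
}

// NoStore sets cache-defeating headers on every response of the wrapped handler,
// covering point (1) for any route that emits sensitive data. Placed outermost so
// that error responses from inner middleware carry the headers as well.
func NoStore(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Cache-Control", "no-store")
		h.Set("Pragma", "no-cache") // honoured by older HTTP/1.0 intermediaries
		h.Set("Expires", "0")
		next.ServeHTTP(w, r)
	})
}

// RejectSensitiveQuery enforces point (4): a request carrying a sensitive
// parameter name in the query string is refused before the handler runs, so the
// value never reaches access logs, proxy caches or browser history.
func RejectSensitiveQuery(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for name := range r.URL.Query() {
			if sensitiveParams[strings.ToLower(name)] {
				http.Error(w, "sensitive parameters must be sent in the request body", http.StatusBadRequest)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// Wipe overwrites a temporary copy of sensitive bytes (point 3). Callers defer it
// immediately after making the copy so it is cleared on every return path.
func Wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// IsZeroed reports whether a buffer has been wiped; used to verify Wipe.
func IsZeroed(b []byte) bool {
	for _, c := range b {
		if c != 0 {
			return false
		}
	}
	return true
}

// loginHandler is a stand-in for a backend route that returns a session token.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	token := []byte("constructed-session-token") // constructed temporary copy of a secret
	defer Wipe(token)                           // purged when the handler returns
	fmt.Fprintf(w, `{"session":"%s"}`, token)
}

// Probe drives the middleware chain with an in-memory request and returns the
// status code and Cache-Control header so the behaviour can be checked offline.
func Probe(method, target string) (int, string) {
	chain := NoStore(RejectSensitiveQuery(http.HandlerFunc(loginHandler)))
	rec := httptest.NewRecorder()
	chain.ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	return rec.Code, rec.Header().Get("Cache-Control")
}

func main() {
	code, cc := Probe(http.MethodPost, "/login")
	fmt.Println("POST /login ->", code, "Cache-Control:", cc)
	code, cc = Probe(http.MethodGet, "/login?password=constructed")
	fmt.Println("GET /login?password=... ->", code, "Cache-Control:", cc)
	buf := []byte("constructed temporary secret")
	Wipe(buf)
	fmt.Println("wiped:", IsZeroed(buf))
}
```

Point (2) is a deployment matter rather than a code pattern: where an application cache such as Redis must hold a sensitive value at all, give the entry an explicit short TTL and delete it as soon as the operation completes, and exclude such keys from persistence snapshots.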
Components
- Wallet Backend (Go)
- FaceTec API (Go)
Source References
Framework Requirements
FitCEM Wallet Instance: FIT-DS-02, FIT-DS-04
OWASP ASVS 4.0.3 Level 3: V8.1