Symptom
Data Protection Assessment is a requirement for apps accessing advanced permissions that is designed to assess how developers use, share and protect Platform Data as described in the Facebook Platform Terms. Facebook may request screen-shots related to their ongoing Data Protection Assessment. Below are examples of requests:
[A] Enforce encryption at rest for all Platform Data storage (e.g., all database files, backups, object storage buckets) - Please attach a screenshot of how you implement encryption at rest on your system such as a screenshot of the encryption controls enabled on your data server, etc.
[B] Enforce TLS 1.2 encryption or greater for all network connections where Platform Data is transmitted – Please upload evidence of how you enforce TLS 1.2 encryption such as a screenshot of the encryption controls enabled on your servers or logs that monitor your encryption of data in transit.
[C] Test your app and systems for vulnerabilities and security issues at least every 12 months – Screenshots of any vulnerability and/or security scans and assessments performed in the last 12 months.
[D] Protect sensitive data like credentials and access tokens – Screenshots of the system/tool that you use to protect sensitive data like credentials and access tokens such as a vault or secrets manager.
[F] Require multi-factor authentication for remote access – Screenshot of the tools/configurations that you use that prove that you implement multi-factor authentication for remote access.
[H] Have a system for keeping system code and environments updated, including servers, virtual machines, distributions, libraries, packages, and anti-virus software – Screenshots of any updates performed on the system; security patches and any additional evidence to validate if the system code and environments are updated in a timely manner. For example dependabot on GitHub.
Read more...
Environment
- SAP Customer Data Cloud
Product
Keywords
Gigya, data platform, security, Facebook application , KBA , CEC-PRO , SAP Customer Data Cloud - Identity, - Consent, - Profile , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.