SAMMY UI is optimized for resolutions with a width 1024px and higher.
Maturity Level 1
Maturity Level 2
Maturity Level 3
Organize basic data protections
O-OM-A-1: Do you protect and handle information according to protection requirements for data stored and processed on each application?
  • You know the data elements processed and stored by each application
  • You know the type and sensitivity level of each identified data element
  • You have controls to prevent propagation of unsanitized sensitive data from production to lower environments
Coverage
- None: There is no coverage for this activity or not all quality criteria have been fulfilled.
- Some: You perform this activity across some portion of your applications, to a certain extend, or review it on an ad-hoc basis, while making sure that all quality criteria are fulfilled.
- Half: You perform this activity across half of your applications, to a larger extent or review it at regular times (though not very often), while making sure that all quality criteria are fulfilled.
- Most/All: You perform this activity across most / all of your applications, to a full extent or review it at regular times at most once a year, while making sure that all quality criteria are fulfilled.
Description

Understand the types and sensitivity of data stored and processed by your applications, and maintain awareness of the fate of processed data (e.g., backups, sharing with external partners). At this level of maturity, the information gathered may be captured in varying forms and different places; no organization-wide data catalog is assumed to exist. Protect and handle all data associated with a given application according to protection requirements applying to the most sensitive data stored and processed.

Implement basic controls, to prevent propagation of unsanitized sensitive data from production environments to lower environments. By ensuring unsanitized production data are never propagated to lower (non-production) environments, you can focus data protection policies and activities on production.

Endorsed Solutions for Mastering Data Protection
vendor logo Become a Recommended Vendor for Data Protection!

Are you a provider of cutting-edge products, processes, consultancy, or technology that aligns with Data Protection? Showcase your expertise and connect with organizations seeking solutions like yours. Apply now to become an endorsed vendor and help others achieve mastery!

Do you want to recommend a vendor to appear here? Recommend a vendor
OWASP Team guidance

This is the official guidance provided by the OWASP SAMM Team.

Loading...
Loading, please wait.
Community guidance

This guidance is based on the approved community submissions.

Loading...
Loading, please wait.