I think I mentioned it before, but it helps to repeat: sometimes, your users' passwords will show up in logs, alongside the usernames.
If you are under HIPAA and username/password combos are considered PHI, then logs also become PHI ... think about it.
No comments:
Post a Comment