UnixTime

Research Note

Application Transaction Security Checklist

Use this checklist for applications that perform payments, customer transactions, public-network transactions, or legally significant actions.

On this page

When to use this

Use this checklist for applications that perform payments, customer transactions, public-network transactions, or legally significant actions.

Checklist

  • User and party identity verification defined.
  • Authorization rules defined.
  • Segregation of duties considered.
  • Secure communication protocol required.
  • Confidentiality and integrity controls defined.
  • Digital signature/non-repudiation need assessed.
  • Certificate authority process reviewed.
  • Transaction logging and monitoring defined.
  • Legal/regulatory requirements reviewed.
  • Fraud or dispute handling considered.

Transaction requirement record

Application Transaction type Required controls Approval Test evidence Notes
TBD TBD TBD TBD TBD TBD