What constitutes "stored separately" for satisfying the intent of this paragraph?
Stored separately could mean many different things -
- Files
- Databases
- Internal APIs
- Virtual Machines
- Physical Machines
- (Requiring a Hardware Security Module?)
- Physical Locations
I can see where each one of these provides a different degree of separation - and therefore protection - and that the degree of separation should be based upon a risk analysis of the data being protected.
But at some point, I would expect that there be some minimal degree of separation to be able to be considered compliant with this recommendation.
I can understand that in the general case, "anything is better than nothing", but we would appreciate some guidance or clarification on the intent.