Documentation on storage of restricted data (e.g. credit card numbers)

(0) Share

Report

Posted on by Florian Hopfner

2,466

Is there any documentation (ideally on a level for a customer with only basic technical knowledge of AX) on how AX stores and handles restricted data such as credit card numbers or social security numbers?

So far my research only led me to the existing question Does AX store credit card information?, in which one answer suggest to do a technical analysis on how AX stores credit card data. I fear this will take quite some effort and yield a very technical answer to a question that is more concerned with legality and regulations.

Although I tagged the question with AX 2012 (R3 CU11, in case that matters), I would also be interested in documentation for other AX versions. And since the answer may vary from country to country, I'm primarily looking for an answer in respect to regulations in the US.

*This post is locked for comments

I have the same question (0)

All responses (1)

Answers (0)

Suggested answer

Vilmos Kintera 46,149 on at

Like (0)

Report
Copy link

Link copied!

I do not think you could find detailed documentation about this out there, especially a non-technical one.

Here are some generic information about AX database security best practices and PCI compliance requirements:

technet.microsoft.com/.../dn385338.aspx

Check the Transparent Data Encryption part, which is a feature of the SQL Server product, however that introduces new challenges. If something sits encrypted in the database, obviously you cannot do a search on that column since that would leak information.

Was this reply helpful? Yes No