-
- \item\pass{} Verify that the application does not log
- sensitive
- data as defined under local privacy laws or
- regulations, organizational sensitive data as
- defined by a risk assessment, or sensitive
- authentication data that could assist an attacker,
- including user's session identifiers, passwords,
- hashes, or AP
- I tokens.