{"id":148,"date":"2023-07-02T12:20:35","date_gmt":"2023-07-02T04:20:35","guid":{"rendered":"http:\/\/keysolutions.cn\/?p=148"},"modified":"2024-04-12T11:32:28","modified_gmt":"2024-04-12T03:32:28","slug":"facebook%e6%95%b0%e6%8d%ae%e4%bf%9d%e6%8a%a4%e8%af%84%e4%bc%b0-%e4%b9%8b-%e9%98%bb%e6%ad%a2%e5%bc%80%e6%94%be%e5%b9%b3%e5%8f%b0%e6%95%b0%e6%8d%ae%e5%ad%98%e5%82%a8%e5%9c%a8%e7%bb%84%e7%bb%87%e5%92%8c","status":"publish","type":"post","link":"http:\/\/keysolutions.cn\/?p=148","title":{"rendered":"Facebook\u6570\u636e\u4fdd\u62a4\u8bc4\u4f30 \u4e4b \u963b\u6b62\u5f00\u653e\u5e73\u53f0\u6570\u636e\u5b58\u50a8\u5728\u7ec4\u7ec7\u548c\u4e2a\u4eba\u7684\u8bbe\u5907\u4e2d"},"content":{"rendered":"\n
\"\"<\/figure>\n\n\n\n
\n

<\/p>\n\u4f60\u5728\u4e0a\u9762\u63d0\u5230\uff0c\u4f1a\u963b\u6b62\u5f00\u653e\u5e73\u53f0\u6570\u636e\u5b58\u50a8\u5728\u7ec4\u7ec7\u548c\u4e2a\u4eba\u7684\u8bbe\u5907\u4e2d\u3002\u8bf7\u8be6\u7ec6\u8bf4\u8bf4\u4f60\u662f\u5982\u4f55\u5b9e\u65bd\u8fd9\u9879\u4fdd\u62a4\u63aa\u65bd\u7684\u3002<\/cite><\/blockquote>\n\n\n\n

\u6211\u7684\u7b2c\u4e00\u6b21\u56de\u7b54\uff0c\u8c08\u5230\u4e86\u901a\u8fc7\u6743\u9650\u7ba1\u7406\u3001\u5f00\u53d1\u73af\u5883\u548c\u6b63\u5f0f\u73af\u5883\u9694\u79bb\u3001\u4ee3\u7801\u5ba1\u67e5\u7b49\uff0c\u663e\u7136Facebook\u5ba1\u67e5\u5458\u89c9\u5f97\u8bc1\u636e\u4e0d\u8db3\uff0c\u6536\u5230\u4e86\u9700\u8981\u66f4\u591a\u4fe1\u606f\u7684\u56de\u590d\uff1a<\/p>\n\n\n\n

\n

<\/p>\nthis question relates to platform data saved on organizational and personal devices of employees. To reduce the risk of unauthorized Platform Data access, Developers must have either technical controls (preferred) or administrative controls (not preferred, but acceptable) relevant to Platform Data on organizational devices (e.g., laptops) and removable media. Please provide evidence of one of the following:

Technical controls – examples of technical controls include:
1) Allowing only managed devices to connect to the corporate network,
2) enforcing full disk encryption on managed devices (e.g., BitLocker),
3) Blocking removable media (e.g., USB drives) from being connected to managed devices,
4) using Data Loss Prevention (DLP) technology on managed devices.

Administrative controls – examples of administrative controls include written policy documentation and annual training about acceptable ways to handle Platform Data on organizational and personal devices.

Please see FAQ here: https:\/\/developers.facebook.com\/docs\/devel<\/cite><\/blockquote>\n\n\n\n

\u610f\u601d\u662f\u8bf4\uff0c\u8bc1\u636e\u4e0d\u8db3\uff0c\u9700\u8981\u4ee5\u4e0b\u4efb\u4e00\u9879\u7684\u8bc1\u636e\uff1a<\/p>\n\n\n\n

\u4e00\u3001\u6280\u672f\u63a7\u5236-\u6280\u672f\u63a7\u5236\u7684\u4f8b\u5b50\u5305\u62ec:
1)\u53ea\u5141\u8bb8\u88ab\u7ba1\u7406\u7684\u8bbe\u5907\u63a5\u5165\u4f01\u4e1a\u7f51\u7edc;
2)\u5728\u7ba1\u7406\u8bbe\u5907\u4e0a\u5f3a\u5236\u5168\u78c1\u76d8\u52a0\u5bc6(\u4f8b\u5982\uff0cBitLocker);
3)\u963b\u6b62\u53ef\u79fb\u52a8\u5a92\u4f53(\u5982USB\u9a71\u52a8\u5668)\u8fde\u63a5\u5230\u7ba1\u7406\u8bbe\u5907;
4)\u5728\u88ab\u7ba1\u7406\u8bbe\u5907\u4e0a\u4f7f\u7528\u6570\u636e\u4e22\u5931\u9884\u9632(DLP)\u6280\u672f\u3002<\/p>\n\n\n\n

\u4e8c\u3001\u7ba1\u7406\u63a7\u5236\u2014\u2014\u7ba1\u7406\u63a7\u5236\u7684\u4f8b\u5b50\u5305\u62ec\u4e66\u9762\u653f\u7b56\u6587\u6863\u548c\u5173\u4e8e\u5728\u7ec4\u7ec7\u548c\u4e2a\u4eba\u8bbe\u5907\u4e0a\u5904\u7406\u5e73\u53f0\u6570\u636e\u7684\u53ef\u63a5\u53d7\u65b9\u5f0f\u7684\u5e74\u5ea6\u57f9\u8bad\u3002<\/p>\n\n\n\n

\u7b2c\u4e8c\u6b21\u56de\u590d\uff0c\u6211\u9009\u62e9\u4e86\u7ba1\u7406\u63a7\u5236\u65b9\u9762\u7684\uff0c\u4e0a\u4f20\u4e86\u4e00\u4efd\u5173\u4e8e\u89c4\u8303\u6570\u636e\u5b58\u50a8\u548c\u4f7f\u7528\u7684\u653f\u7b56\u6587\u6863\uff0c\u7b49\u4e862\u4e2a\u591a\u6708\u7684\u5ba1\u6838\uff0c\u4ee5\u4e3a\u5c31\u8fd9\u6837\u6df7\u8fc7\u53bb\u4e86\uff0c\u8c01\u77e5\u90533\u4e2a\u6708\u4ee5\u540e\uff0c\u6536\u5230\u4ee5\u4e0b\u56de\u590d\uff1a<\/p>\n\n\n\n

\n

<\/p>\nThank you for your response, however, provided evidence is not sufficient. we need more information to determine whether you have implemented these protections in a way that meets our requirements. Please read the reviewer notes and the text below for instructions on what to do next. If we don\u2019t receive a satisfactory response to this follow up, you will be in violation of this required protection.
Reviewer notes
1) Policy\/procedure evidence was insufficient, and
2) Implementation evidence was missing Policy\/procedure evidence Our review determined that your policy\/procedure evidence was either missing or insufficient.
You must respond with a written description of how you prevent Platform Data from being stored on organizational and personal devices. Your response must clearly explain how your approach relates to our requirements (https:\/\/developers.facebook.com\/docs\/development\/maintaining-data-access\/data-protection-assessment\/data-security#req-org-devices). If you have enacted technical protections, such as blocking personal devices from having network access and requiring Data Loss Prevention (DLP) software on your organization\u2019s laptops, you should describe the tools and configuration you have applied. If you are relying on administrative protections (i.e., rules or policies): 1) tell us what that policy says, 2) iIf the policy refers to data classification levels (e.g., public data vs confidential data), explain what category Platform Data belongs to in your classification. Note: it is NOT an acceptable approach for this protection to answer that no such policies or rules exist but that only a small number of people (e.g., administrators) have access to the data. Implementation evidence Our review determined that your implementation evidence was either missing or insufficient. You must respond with one or more pieces of implementation evidence that illustrates how you have enacted these protections. It may help you to refer to examples of acceptable evidence (https:\/\/developers.facebook.com\/docs\/development\/maintaining-data-access\/data-protection-assessment\/data-security#evidence-org-devices) that we have included in our documentation. If you have enacted technical protections to prevent Platform Data from being stored on organizational and personal devices, include evidence from the relevant tool(s) or configuration(s) that enforce the protection. If you are relying on administrative protections (i.e., rules or policies), your implementation evidence should demonstrate how people in your organization have been made aware of the policies, e.g., an email announcement or an audit log of employees that have signed an agreement on acceptable use of data. Remember to redact sensitive details from your evidence (https:\/\/developers.facebook.com\/docs\/development\/maintaining-data-access\/data-protection-assessment\/data-security#redact-evidence) before uploading it to us.<\/cite><\/blockquote>\n\n\n\n

\u5ba1\u67e5\u5458\u8bf4\u653f\u7b56\u8bc1\u636e\u548c\u6267\u884c\u8bc1\u636e\u90fd\u4e0d\u8db3\u591f\uff0c\u5982\u679c\u60a8\u4f9d\u8d56\u4e8e\u884c\u653f\u4fdd\u62a4(\u4f8b\u5982\uff0c\u89c4\u5219\u6216\u653f\u7b56)\uff0c\u60a8\u7684\u5b9e\u65bd\u8bc1\u636e\u5e94\u8bc1\u660e\u60a8\u7ec4\u7ec7\u4e2d\u7684\u4eba\u5458\u5982\u4f55\u4e86\u89e3\u8fd9\u4e9b\u653f\u7b56\uff0c\u4f8b\u5982\uff0c\u7535\u5b50\u90ae\u4ef6\u516c\u544a\u6216\u5df2\u7b7e\u7f72\u53ef\u63a5\u53d7\u6570\u636e\u4f7f\u7528\u534f\u8bae\u7684\u5458\u5de5\u7684\u5ba1\u8ba1\u65e5\u5fd7\u3002<\/p>\n\n\n\n

\u53ef\u80fd\u6211\u7ed9\u7684\u653f\u7b56\u6587\u6863\u5bf9\u8fd9\u65b9\u9762\u7684\u8bf4\u660e\u4e0d\u591f\uff0c\u8865\u5145\u4e86\u5f88\u591a\uff0c\u7136\u540e\u518d\u6b21\u63d0\u4ea4\uff0c\u7b49\u4e86\u4e00\u4e2a\u6708\u4e0d\u5230\uff0c\u5ba1\u67e5\u5458\u56de\u590d\uff1a<\/p>\n\n\n\n

\n

<\/p>\nQ10.b – Thanks for your response. The policy is sufficient. However, we require a implementation evidence. Please provide it. Screenshot evidence that you are informing all of your employees that storage of platform data on organizational devices is forbidden. This can come in the form of an annual training on the relevant controls, message reminders to all employees, or a contractual agreement as a condition of employment (NDAs is not typically sufficient). Please note that if you provide a contractual agreement, the agreement should specifically cover restrictions on storage of platform data to be considered for this requirement. If you do store platform data on organizational devices or have any other questions, please consult our FAQ on this requirement: (https:\/\/developers.facebook.com\/docs\/development\/maintaining-data-access\/data-protection-assessment\/data-security#req-org-devices). Remember to redact sensitive details from your evidence (https:\/\/developers.facebook.com\/docs\/development\/maintaining-data-access\/data-protection-assessment\/data-security#redact-evidence) before uploading it to us.<\/cite><\/blockquote>\n\n\n\n

\u653f\u7b56\u662f\u8db3\u591f\u7684\u3002\u7136\u800c\uff0c\u6211\u4eec\u9700\u8981\u4e00\u4e2a\u5b9e\u73b0\u8bc1\u636e\u3002\u8bf7\u63d0\u4f9b\u3002\u622a\u56fe\u8bc1\u660e\u4f60\u6b63\u5728\u901a\u77e5\u6240\u6709\u5458\u5de5\u7981\u6b62\u5728\u7ec4\u7ec7\u8bbe\u5907\u4e0a\u5b58\u50a8\u5e73\u53f0\u6570\u636e\u3002\u8fd9\u53ef\u4ee5\u4ee5\u76f8\u5173\u63a7\u5236\u7684\u5e74\u5ea6\u57f9\u8bad\u3001\u5bf9\u6240\u6709\u5458\u5de5\u7684\u4fe1\u606f\u63d0\u9192\u6216\u4f5c\u4e3a\u96c7\u4f63\u6761\u4ef6\u7684\u5408\u540c\u534f\u8bae\u7684\u5f62\u5f0f\u51fa\u73b0(\u4fdd\u5bc6\u534f\u8bae\u901a\u5e38\u662f\u4e0d\u591f\u7684)\u3002\u8bf7\u6ce8\u610f\uff0c\u5982\u679c\u60a8\u63d0\u4f9b\u4e86\u5408\u540c\u534f\u8bae\uff0c\u8be5\u534f\u8bae\u5e94\u7279\u522b\u6db5\u76d6\u4e3a\u6b64\u8981\u6c42\u8003\u8651\u7684\u5e73\u53f0\u6570\u636e\u5b58\u50a8\u9650\u5236\u3002<\/p>\n\n\n\n

\u8bf4\u660e\u4e0a\u9762\u7684\u653f\u7b56\u89c4\u8303\u6587\u6863\u662f\u901a\u8fc7\u4e86\uff0c\u6267\u884c\u8bc1\u636e\u53c2\u8003\u5ba1\u67e5\u5458\u7684\u56de\u590d\uff0c\u6784\u9020\u4e86\u4e00\u4efd\u5e74\u5ea6\u57f9\u8badPPT\u3001\u4ee5\u53ca\u5e74\u5ea6\u57f9\u8bad\u8bb0\u5f55\uff0c\u626b\u63cf\u6210PDF\uff0c\u4e0a\u4f20\uff0c\u7136\u540e\u5927\u7ea6\u7b49\u4e86\u4e00\u4e2a\u793c\u62dc\uff0c\u6536\u5230\u90ae\u4ef6\u8bf4\u6570\u636e\u4fdd\u62a4\u5df2\u5b8c\u6210\u3002<\/p>\n\n\n\n

\u5927\u529f\u544a\u6210\uff01<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

\u8054\u7cfb\u90ae\u7bb1\uff1a keysolutions@foxmail.com<\/p>\n","protected":false},"excerpt":{"rendered":"

\u4f60\u5728\u4e0a\u9762\u63d0\u5230\uff0c\u4f1a\u963b\u6b62\u5f00\u653e\u5e73\u53f0\u6570\u636e\u5b58\u50a8\u5728\u7ec4\u7ec7\u548c\u4e2a\u4eba\u7684\u8bbe\u5907\u4e2d\u3002\u8bf7\u8be6\u7ec6\u8bf4\u8bf4\u4f60\u662f\u5982\u4f55\u5b9e\u65bd\u8fd9\u9879\u4fdd\u62a4\u63aa\u65bd\u7684\u3002 \u6211\u7684\u7b2c\u4e00\u6b21\u56de\u7b54\uff0c\u8c08\u5230\u4e86\u901a\u8fc7\u6743\u9650\u7ba1\u7406\u3001\u5f00\u53d1\u73af\u5883\u548c\u6b63\u5f0f\u73af\u5883\u9694\u79bb\u3001\u4ee3\u7801\u5ba1\u67e5\u7b49\uff0c\u663e\u7136Facebook\u5ba1\u67e5\u5458\u89c9\u5f97...<\/p>\n","protected":false},"author":1,"featured_media":159,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[6,24,7,10,25],"_links":{"self":[{"href":"http:\/\/keysolutions.cn\/index.php?rest_route=\/wp\/v2\/posts\/148"}],"collection":[{"href":"http:\/\/keysolutions.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/keysolutions.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/keysolutions.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/keysolutions.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=148"}],"version-history":[{"count":10,"href":"http:\/\/keysolutions.cn\/index.php?rest_route=\/wp\/v2\/posts\/148\/revisions"}],"predecessor-version":[{"id":489,"href":"http:\/\/keysolutions.cn\/index.php?rest_route=\/wp\/v2\/posts\/148\/revisions\/489"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/keysolutions.cn\/index.php?rest_route=\/wp\/v2\/media\/159"}],"wp:attachment":[{"href":"http:\/\/keysolutions.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/keysolutions.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=148"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/keysolutions.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}