Customer got the following question from their Cyber Security team.

Indicate whether the application temporarily stores sensitive, confidential, or highly classified data in any intermediate or runtime components. This includes volatile or transient storage such as system memory (RAM), CPU registers, application-level variables, session storage, caching mechanisms, or temporary buffers during processing or while the data is actively in use. Volatile storage refers to memory that loses its contents when power is lost (e.g., RAM, CPU registers), while transient storage refers to temporary data storage during runtime. 

14.1

Yes, sensitive data is briefly present in volatile memory, but not encrypted there. CA Directory mitigates risk through hashed password storage, TLS protection in transit, and immediate cleanup after processing.