mirror of
https://github.com/strongdm/comply
synced 2024-11-22 15:44:55 +00:00
Updated Table 3
This commit is contained in:
parent
a642c812e3
commit
491bd00b20
@ -7,8 +7,7 @@ majorRevisions:
|
|||||||
- date: Jun 1 2018
|
- date: Jun 1 2018
|
||||||
comment: Initial document
|
comment: Initial document
|
||||||
---
|
---
|
||||||
|
# Appendices
|
||||||
#Appendices
|
|
||||||
|
|
||||||
Appendix A: Handling of Classified Information
|
Appendix A: Handling of Classified Information
|
||||||
|
|
||||||
@ -46,41 +45,47 @@ a. When classifying information, the level of confidentiality is determined by:
|
|||||||
|
|
||||||
i. Legal, regulatory and contractual obligations.
|
i. Legal, regulatory and contractual obligations.
|
||||||
|
|
||||||
a. Information must be classified based on confidentiality levels as defined in Table 3.
|
|
||||||
|
|
||||||
+-------------------+------------------+---------------------------+------------------+
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
|**Confidentiality**| **Label** | **Classification** | **Access** |
|
|**Confidentiality**| **Label** | **Classification** | **Access** |
|
||||||
| **Level** | | **Criteria** | **Restrictions** |
|
| **Level** | | **Criteria** | **Restrictions** |
|
||||||
+===================+==================+===========================+==================+
|
+===================+==================+===========================+============================+
|
||||||
| Public | FOR PUBLIC | Making the information | Information |
|
| Public | For Public | Making the information | Information is available |
|
||||||
| | RELEASE | public will not harm | is available to |
|
| | Release | public will not harm | to the public. |
|
||||||
| | | the organization in | to the public. |
|
| | | the organization in | |
|
||||||
| | | any way. | |
|
| | | any way. | |
|
||||||
+-------------------+------------------+---------------------------+------------------+
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
| Internal Use | INTERNAL USE | Unauthorized access | Information |
|
| | | | |
|
||||||
| | | may cause minor damage | is available to |
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
| | | and/or inconvenience | all employees |
|
| Internal Use | Internal Use | Unauthorized access | Information is available |
|
||||||
| | | to the organization. | and authorized |
|
| | | may cause minor damage | to all employees and |
|
||||||
| | | | third parties. |
|
| | | and/or inconvenience | authorized third parties. |
|
||||||
+-------------------+------------------+---------------------------+------------------+
|
| | | to the organization. |
|
||||||
| Restricted | RESTRICTED | Unauthorized access to | Information |
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
| | | information may cause | is available only|
|
| | | | |
|
||||||
| | | considerable damage to | to a specific |
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
| | | the business and/or | group of |
|
| Restricted | Restricted | Unauthorized access to | Information is available |
|
||||||
| | | the organization's | employees and |
|
| | | information may cause | to a specific group of |
|
||||||
| | | reputation. | authorized third |
|
| | | considerable damage to | employees and authhorized |
|
||||||
| | | | parties. |
|
| | | the business and/or | third parties. |
|
||||||
+-------------------+------------------+---------------------------+------------------+
|
| | | the organization's | |
|
||||||
| Confidential | CONFIDENTIAL | Unauthorized access to | Information is |
|
|
||||||
| | | information may cause | availalbe only to|
|
|
||||||
| | | catastrophic damage to | specific indivi- |
|
|
||||||
| | | business and/or the | duals in the |
|
|
||||||
| | | organization's | organization. |
|
|
||||||
| | | reputation. | |
|
| | | reputation. | |
|
||||||
+-------------------+------------------+---------------------------+------------------+
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
|
| | | | |
|
||||||
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
|
| Confidential |Confidential | Unauthorized access to | Information is available |
|
||||||
|
| | | information may cause | only to specific indivi- |
|
||||||
|
| | | catastrophic damage to | duals in the |
|
||||||
|
| | | business and/or the | organization. |
|
||||||
|
| | | organization's reputation.| |
|
||||||
|
+-------------------+------------------+---------------------------+---------------------------+
|
||||||
|
|
||||||
Table 3: Information Confidentiality Levels
|
Table 3: Information Confidentiality Levels
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
d. Information must be classified based on confidentiality levels as defined in Table 3.
|
||||||
|
|
||||||
e. Information and information system owners should try to use the lowest confidentiality level that ensures an adequate level of protection, thereby avoiding unnecessary production costs.
|
e. Information and information system owners should try to use the lowest confidentiality level that ensures an adequate level of protection, thereby avoiding unnecessary production costs.
|
||||||
|
|
||||||
f. Information classified as “Restricted” or “Confidential” must be accompanied by a list of authorized persons in which the information owner specifies the names or job functions of persons who have the right to access that information.
|
f. Information classified as “Restricted” or “Confidential” must be accompanied by a list of authorized persons in which the information owner specifies the names or job functions of persons who have the right to access that information.
|
||||||
|
Loading…
Reference in New Issue
Block a user