Definitions[edit | edit source]
General[edit | edit source]
|“||the necessity for access to, knowledge of, or possession of specific information required to carry out official duties.||”|
|“||[a] determination which is made by an authorized holder of classified or proprietary information as to whether or not a prospective recipient requires access to specific the information in order to perform or assist in a lawful and authorized governmental function.||”|
|“||[t]he determination made by an authorized user of information that a prospective recipient requires access to specific information to perform or assist in a lawful and authorized governmental function, i.e., access is required for the performance of official duties.||”|
|“||[a] method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. The terms "need-to know" and "least privilege" express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.||”|
|“||a practice that restricts information or resources in the execution of a task outside of what is critical in order to complete that task, despite clearance level.||”|
|“||[r]equested information is pertinent and necessary to the requestor agency in initiating, furthering, or completing an investigation.||”|
Security[edit | edit source]
References[edit | edit source]
- A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems.
- OPSEC Glossary of Terms.
- Protected Critical Infrastructure Information Program Procedures Manual, at App. 2-4.
- CNSSI 4009.
- A Comparison of Cross-Sector Cyber Security Standards, at 11 n.14.
- Criminal Intelligence File Guidelines.
See also[edit | edit source]
Community content is available under CC-BY-SA unless otherwise noted.