Definitions

General

Need-to-know is

the necessity for access to, knowledge of, or possession of specific information required to carry out official duties.[1]
[a] determination which is made by an authorized holder of classified or proprietary information as to whether or not a prospective recipient requires access to the specific information in order to perform or assist in a lawful and authorized governmental function.[2]
[t]he determination made by an authorized user of information that a prospective recipient requires access to specific information to perform or assist in a lawful and authorized governmental function, i.e., access is required for the performance of official duties.[3]
[a] method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. The terms "need-to-know" and "least privilege" express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.[4]
a practice that restricts information or resources in the execution of a task outside of what is critical in order to complete that task, despite clearance level.[5]
[r]equested information is pertinent and necessary to the requestor agency in initiating, furthering, or completing an investigation.[6]

Security

Need-to-know means that as a result of jurisdictional, organizational, or operational necessities, intelligence or information is disseminated to further an investigation.

References

  1. A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems.
  2. OPSEC Glossary of Terms.
  3. Protected Critical Infrastructure Information Program Procedures Manual, at App. 2-4.
  4. CNSSI 4009.
  5. A Comparison of Cross-Sector Cyber Security Standards, at 11 n.14.
  6. Criminal Intelligence File Guidelines.
