I.A.3.c: Data Descriptions
Ensure that enterprise architecture descriptions of data incorporate security and privacy attributes. Other Information:
i. information confidentiality, integrity, and availability. FIPS PUB 199 and NIST SP 800-60 describe the methodology for
this activity. This guidance helps agencies map security impact levels in a consistent manner to types of information (e.g.,
privacy, medical, proprietary, financial, contractor sensitive, trade secret, investigation) and information system (mission
critical, mission support, administrative). ii. subject to privacy legislation. Especially consider the Privacy Act, eGov
Act, and HIPAA. iii. must be associated with a business purpose to properly assess associated risks.
Indicator(s):
|
