dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2020/11/15 20:02] nick |
dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2021/08/06 13:59] (current) murphy [About] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== 4.2.4.1 Confidentiality ====== | + | ====== 4.3.4.1 Confidentiality ====== |
| [[dido:public:ra:1.4_req:2_nonfunc:25_security | Return to Securability ]] | [[dido:public:ra:1.4_req:2_nonfunc:25_security | Return to Securability ]] | ||
| ===== About ===== | ===== About ===== | ||
| - | [[dido:public:ra:xapend:xapend.a_glossary | Return to Glossary ]] | + | [[dido:public:ra:xapend:xapend.a_glossary:c:confidentiality]] is usually covered by the use of a[[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]] or [[dido:public:ra:xapend:xapend.a_glossary:n:nda]], which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are: |
| - | + | ||
| - | [[dido:public:ra:xapend:xapend.a_glossary:c:confidentiality]] is usually covered by the use of [[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]] or [[dido:public:ra:xapend:xapend.a_glossary:n:nda]] which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are: | + | |
| * Legal Confidentiality | * Legal Confidentiality | ||
| Line 15: | Line 13: | ||
| * Religious Confidentiality | * Religious Confidentiality | ||
| - | As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] and authentication to access the data, log access to the data). | + | As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] both to access the data and log access to the data). |
| - | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist]] describe the kinds of data that should be treated as PII(( | + | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist:start]] describe the kinds of data that should be treated as PII(( |
| Erika McCallister Tim Grance and Karen Scarfone, | Erika McCallister Tim Grance and Karen Scarfone, | ||
| __Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | __Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | ||
| Line 27: | Line 25: | ||
| * Name, such as full name, maiden name, mother‘s maiden name, or alias | * Name, such as full name, maiden name, mother‘s maiden name, or alias | ||
| - | * Personal identification number, such as: | + | * [[dido:public:ra:xapend:xapend.a_glossary:p:pin]], such as: \\ |
| - | * Social security number (SSN), | + | • Social security number (SSN), \\ |
| - | * Passport number, | + | • Passport number, \\ |
| - | * Driver‘s license number, | + | • Driver‘s license number, \\ |
| - | * Taxpayer identification number, | + | • Taxpayer identification number, \\ |
| - | * Patient identification number, and | + | • Patient identification number, \\ |
| - | * Financial account number | + | • Financial account number, and \\ |
| - | * Credit card number | + | • Credit card number \\ |
| NIST also identifies information which potentially can be used to identify people: | NIST also identifies information which potentially can be used to identify people: | ||
| * Address information, such as street address or email address | * Address information, such as street address or email address | ||
| - | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or Media Access Control (MAC)address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people | + | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or [[dido:public:ra:xapend:xapend.a_glossary:m:mac]] address or other host-specific persistent static [[dido:public:ra:xapend:xapend.a_glossary:i:id|identifier]] that consistently links to a particular person or small, well-defined group of people |
| * Telephone numbers, including mobile, business, and personal numbers | * Telephone numbers, including mobile, business, and personal numbers | ||
| * Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) | * Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) | ||
| Line 45: | Line 43: | ||
| * Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information). | * Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information). | ||
| - | ===== DDS Specifics ===== | + | ===== DIDO Specifics ===== |
| - | [[dido:public:ra:xapend:xapend.a_glossary | Return to Glossary ]] | + | [[dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality | Return to Top ]] |
| + | : <wrap hi><color red> To be added/expanded in future revisions of the DIDO RA </color></wrap> | ||
| /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||
dido/public/ra/1.4_req/2_nonfunc/25_security/confidentiality.1605488571.txt.gz · Last modified: 2020/11/15 20:02 by nick
