dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2020/12/07 09:20] nick |
dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2021/08/06 13:59] (current) murphy [About] |
Line 1: | Line 1: | ||
- | ====== 4.2.4.1 Confidentiality ====== | + | ====== 4.3.4.1 Confidentiality ====== |
[[dido:public:ra:1.4_req:2_nonfunc:25_security | Return to Securability ]] | [[dido:public:ra:1.4_req:2_nonfunc:25_security | Return to Securability ]] | ||
===== About ===== | ===== About ===== | ||
- | [[dido:public:ra:xapend:xapend.a_glossary | Return to Glossary ]] | + | [[dido:public:ra:xapend:xapend.a_glossary:c:confidentiality]] is usually covered by the use of a[[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]] or [[dido:public:ra:xapend:xapend.a_glossary:n:nda]], which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are: |
- | + | ||
- | [[dido:public:ra:xapend:xapend.a_glossary:c:confidentiality]] is usually covered by the use of [[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]] or [[dido:public:ra:xapend:xapend.a_glossary:n:nda]] which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are: | + | |
* Legal Confidentiality | * Legal Confidentiality | ||
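Review bot: in the rewritten About paragraph the indefinite article runs straight into the link, `a[[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]]`, so the rendered text reads "aConfidentiality Agreement"; add the space. While there, "a Confidentiality Agreement or NDA, which defines a set of rules or a promise limiting access" reads more cleanly as "a Confidentiality Agreement or an NDA, which defines a set of rules or a promise that limits access to, or places restrictions on, certain types of information".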
Line 15: | Line 13: | ||
* Religious Confidentiality | * Religious Confidentiality | ||
- | As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] and authentication to access the data, log access to the data). | + | As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] both to access the data and log access to the data). |
- | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist]] describe the kinds of data that should be treated as PII(( | + | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist:start]] describe the kinds of data that should be treated as PII(( |
Erika McCallister Tim Grance and Karen Scarfone, | Erika McCallister Tim Grance and Karen Scarfone, | ||
__Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | __Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | ||
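Review bot: the new rule-of-thumb sentence drops a control instead of fixing the duplicated word. The old text said "require authentication and authentication to access the data, log access to the data", where the second "authentication" was presumably meant to be authorization (authenticating who the caller is, then checking that they are permitted to see the PII). The replacement, "require authentication both to access the data and log access to the data", now names only authentication and reads as though authentication is a precondition for logging rather than logging being its own requirement. Suggest: "require authentication and authorization to access the data, and log every access to it". Separately, "The US NIST describe the kinds of data" should be "describes".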
Line 27: | Line 25: | ||
* Name, such as full name, maiden name, mother‘s maiden name, or alias | * Name, such as full name, maiden name, mother‘s maiden name, or alias | ||
- | * Personal identification number, such as: | + | * [[dido:public:ra:xapend:xapend.a_glossary:p:pin]], such as: \\ |
- | * Social security number (SSN), | + | • Social security number (SSN), \\ |
- | * Passport number, | + | • Passport number, \\ |
- | * Driver‘s license number, | + | • Driver‘s license number, \\ |
- | * Taxpayer identification number, | + | • Taxpayer identification number, \\ |
- | * Patient identification number, and | + | • Patient identification number, \\ |
- | * Financial account number | + | • Financial account number, and \\ |
- | * Credit card number | + | • Credit card number \\ |
NIST also identifies information which potentially can be used to identify people: | NIST also identifies information which potentially can be used to identify people: | ||
* Address information, such as street address or email address | * Address information, such as street address or email address | ||
- | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or [[dido:public:ra:xapend:xapend.a_glossary:m:mac]] address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people | + | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or [[dido:public:ra:xapend:xapend.a_glossary:m:mac]] address or other host-specific persistent static [[dido:public:ra:xapend:xapend.a_glossary:i:id|identifier]] that consistently links to a particular person or small, well-defined group of people |
* Telephone numbers, including mobile, business, and personal numbers | * Telephone numbers, including mobile, business, and personal numbers | ||
* Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) | * Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) | ||
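Review bot: the sub-list under "Personal identification number" was changed from native nested list items (`* Social security number (SSN),`) to literal bullet characters with forced line breaks (`• Social security number (SSN), \\`). That discards the list structure (no nesting, no list elements in the rendered HTML, nothing for screen readers or later edits to hang on) for the same visual result; DokuWiki nests a list when the sub-items are indented further before the `*`, so keep the `*` syntax and indent instead of hand-drawing bullets. Also check the new link target: the NIST item means identifying numbers (SSN, passport, taxpayer and patient numbers, account numbers), whereas a glossary entry named `pin` normally defines the secret numeric code used for authentication; if that is what the glossary entry says, linking this list item to it will mislead readers, and the plain "Personal identification number" wording from the previous revision is clearer.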
Line 46: | Line 44: | ||
===== DIDO Specifics ===== | ===== DIDO Specifics ===== | ||
- | [[dido:public:ra:xapend:xapend.a_glossary | Return to Glossary ]] | + | [[dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality | Return to Top ]] |
+ | : <wrap hi><color red> To be added/expanded in future revisions of the DIDO RA </color></wrap> | ||
/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- |