This shows you the differences between two versions of the page.
dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2021/06/08 23:19] char |
dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2021/08/06 13:59] (current) murphy [About] |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== About ===== | ===== About ===== | ||
- | [[dido:public:ra:xapend:xapend.a_glossary:c:confidentiality]] is usually covered by the use of [[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]] or [[dido:public:ra:xapend:xapend.a_glossary:n:nda]] which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are: | + | [[dido:public:ra:xapend:xapend.a_glossary:c:confidentiality]] is usually covered by the use of a[[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]] or [[dido:public:ra:xapend:xapend.a_glossary:n:nda]], which defines a set of rules or a promise limiting access or places restrictions on certain types of information. Areas that have legal agreements covering confidentiality are: |
* Legal Confidentiality | * Legal Confidentiality | ||
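Review bot: In the added About sentence, the new article is fused to the link markup ("of a[[dido:public:ra:xapend:xapend.a_glossary:c:confidentialityagreement | Confidentiality Agreement]]"), so it will render as "aConfidentiality Agreement"; put a space between "a" and "[[". The relative clause is also still not parallel ("defines a set of rules or a promise limiting access or places restrictions"); something like "which defines a set of rules, or a promise, that limits access to or places restrictions on certain types of information" would read cleanly.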
Line 13: | Line 13: | ||
* Religious Confidentiality | * Religious Confidentiality | ||
- | As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] and authentication to access the data, log access to the data). | + | As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] both to access the data and log access to the data). |
- | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist]] describe the kinds of data that should be treated as PII(( | + | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist:start]] describe the kinds of data that should be treated as PII(( |
Erika McCallister Tim Grance and Karen Scarfone, | Erika McCallister Tim Grance and Karen Scarfone, | ||
__Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | __Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | ||
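Review bot: In the rule-of-thumb sentence, the rewrite changes the control being described instead of only removing the duplicated word: "require authentication both to access the data and log access to the data" now says authentication is needed in order to log access, where the old line listed logging of access as a separate measure. If the second "authentication" in the old line was a slip for authorization, suggest "require authentication and authorization to access the data, and log access to the data". In the next changed line, "The US [[...:nist:start]] describe" should also read "describes".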
Line 25: | Line 25: | ||
* Name, such as full name, maiden name, mother‘s maiden name, or alias | * Name, such as full name, maiden name, mother‘s maiden name, or alias | ||
- | * Personal identification number, such as: \\ | + | * [[dido:public:ra:xapend:xapend.a_glossary:p:pin]], such as: \\ |
• Social security number (SSN), \\ | • Social security number (SSN), \\ | ||
• Passport number, \\ | • Passport number, \\ | ||
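Review bot: On the "Personal identification number" bullet, the replacement link [[dido:public:ra:xapend:xapend.a_glossary:p:pin]] has no label, so the visible text of this bullet now depends on the title of the glossary page. The sub-items here are government-issued identifiers (SSN, passport number), so if the glossary entry defines PIN as a secret access code, the link will point readers at the wrong meaning. Suggest keeping the original wording as the label, e.g. [[dido:public:ra:xapend:xapend.a_glossary:p:pin|Personal identification number]], or leaving the term unlinked.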
Line 37: | Line 37: | ||
* Address information, such as street address or email address | * Address information, such as street address or email address | ||
- | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or [[dido:public:ra:xapend:xapend.a_glossary:m:mac]] address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people | + | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or [[dido:public:ra:xapend:xapend.a_glossary:m:mac]] address or other host-specific persistent static [[dido:public:ra:xapend:xapend.a_glossary:i:id|identifier]] that consistently links to a particular person or small, well-defined group of people |
* Telephone numbers, including mobile, business, and personal numbers | * Telephone numbers, including mobile, business, and personal numbers | ||
* Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) | * Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) | ||
Line 46: | Line 46: | ||
[[dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality | Return to Top ]] | [[dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality | Return to Top ]] | ||
- | //<color #FF0000><todo>TBD - to be added/expanded in future revisions of the DIDO RA</todo></color>// | + | : <wrap hi><color red> To be added/expanded in future revisions of the DIDO RA </color></wrap> |
/**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | /**=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- | ||
/* To add a discussion page to this page, comment out the line that says | /* To add a discussion page to this page, comment out the line that says |
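Review bot: The replacement placeholder line starts with a stray ": " before <wrap hi>, which will render as a literal colon at the start of the paragraph; drop it unless it is intentional. Removing the <todo> wrapper also means this open item can no longer be found by searching the wiki for todo tags, so consider keeping <todo> inside the new <wrap hi><color red> markup, and trim the padding spaces inside the tags.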