This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2021/06/11 14:49] char |
dido:public:ra:1.4_req:2_nonfunc:25_security:confidentiality [2021/08/06 13:59] (current) murphy [About] |
||
---|---|---|---|
Line 15: | Line 15: | ||
As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] both to access the data and log access to the data). | As a rule of thumb, it is best to treat all [[dido:public:ra:xapend:xapend.a_glossary:p:pii]] as confidential and to secure it (i.e., require [[dido:public:ra:xapend:xapend.a_glossary:a:authentication|authentication]] both to access the data and log access to the data). | ||
- | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist]] describe the kinds of data that should be treated as PII(( | + | The US [[dido:public:ra:xapend:xapend.b_stds:tech:nist:start]] describe the kinds of data that should be treated as PII(( |
Erika McCallister Tim Grance and Karen Scarfone, | Erika McCallister Tim Grance and Karen Scarfone, | ||
__Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | __Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)__, | ||
Line 25: | Line 25: | ||
* Name, such as full name, maiden name, mother‘s maiden name, or alias | * Name, such as full name, maiden name, mother‘s maiden name, or alias | ||
- | * Personal identification number, such as: \\ | + | * [[dido:public:ra:xapend:xapend.a_glossary:p:pin]], such as: \\ |
• Social security number (SSN), \\ | • Social security number (SSN), \\ | ||
• Passport number, \\ | • Passport number, \\ | ||
Line 37: | Line 37: | ||
* Address information, such as street address or email address | * Address information, such as street address or email address | ||
- | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or [[dido:public:ra:xapend:xapend.a_glossary:m:mac]] address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people | + | * Asset information, such as [[dido:public:ra:xapend:xapend.a_glossary:i:ip]] or [[dido:public:ra:xapend:xapend.a_glossary:m:mac]] address or other host-specific persistent static [[dido:public:ra:xapend:xapend.a_glossary:i:id|identifier]] that consistently links to a particular person or small, well-defined group of people |
* Telephone numbers, including mobile, business, and personal numbers | * Telephone numbers, including mobile, business, and personal numbers | ||
* Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) | * Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other [[dido:public:ra:xapend:xapend.a_glossary:b:biometrics | Biometric]] image or template data (e.g., retina scan, voice signature, facial geometry) |