March 2019 Contents
Table 1: Control satisfaction
Standard | Controls Satisfied |
---|---|
TSC | CC9.9 |
Table 2: Document history
Date | Comment |
---|---|
Jun 1 2018 | Initial document |
Table 3: Information Confidentiality Levels
Confidentiality Level | Label | Classification Criteria | Access Restrictions |
---|---|---|---|
Public | For Public Release | Making the information public will not harm the organization in any way. | Information is available to the public. |
Internal Use | Internal Use | Unauthorized access may cause minor damage and/or inconvenience to the organization. | Information is available to all employees and authorized third parties. |
Restricted | Restricted | Unauthorized access to information may cause considerable damage to the business and/or the organization’s reputation. | Information is available to a specific group of employees and authorized third parties. |
Confidential | Confidential | Unauthorized access to information may cause catastrophic damage to business and/or the organization’s reputation. | Information is available only to specific individuals in the organization. |
Information and information systems must be handled according to the following guidelines*:
In this document, controls are implemented cumulatively, meaning that controls for any confidentiality level imply the implementation of controls defined for lower confidentiality levels - if stricted controls are prescribed for a higher confidentiality level, then only such controls are implemented.