Difference between revisions of "Need-To-Know"
Jump to navigation
Jump to search
(→United States) |
|||
| Line 4: | Line 4: | ||
{{definition|Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. <ref name="NISTIR7298">[http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}} | {{definition|Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. <ref name="NISTIR7298">[http://nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013]</ref>}} | ||
The terms ‘need-to know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.<br /> | The terms ‘need-to know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.<br /> | ||
| + | |||
| + | ===== [[DoD]]===== | ||
| + | {{definition|Need to know is a criterion used in security procedures that requires the custodians of classified information to establish, prior to disclosure, that the intended recipient must have access to the information to perform his or her official duties (source: JP 2-01.2) <ref>[http://www.dtic.mil/doctrine/new_pubs/jp1_02.pdf Joint Publication 1-02: Department of Defense Dictionary of Military and Associated Terms (2016)]</ref>}}<br/><br /> | ||
<!--- | <!--- | ||
| Line 9: | Line 12: | ||
--> | --> | ||
| + | |||
==See also== | ==See also== | ||
Revision as of 23:42, 21 September 2016
National Definitions
United States
NIST
Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. [1]
The terms ‘need-to know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.
DoD
Need to know is a criterion used in security procedures that requires the custodians of classified information to establish, prior to disclosure, that the intended recipient must have access to the information to perform his or her official duties (source: JP 2-01.2) [2]
