Difference between revisions of "Need-To-Know"

From CIPedia
(United States)
Line 1: Line 1:
 +
== International Definitions==
 +
=== [[IAEA]] ===
 +
{{definition|Need to know is<br/>(1) A rule by which individuals, processes, and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions. <br/>(2) A principle under which users, processes and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions. <ref>[https://www-ns.iaea.org/downloads/security/nuclear-security-series-glossary-v1-3.pdf IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)]</ref>}}<br/><br/>
 +
 
== National Definitions==
 
== National Definitions==
 
====[[United States]]====
 
====[[United States]]====
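Review bot: The added `{{definition|...}}` line ends with `<br/><br/>` after the closing braces, which hard-codes vertical spacing into the wikitext; consider dropping the trailing break tags and letting the blank line before `== National Definitions==` separate the sections. Senses (1) and (2) in the same line differ only in "rule"/"individuals" versus "principle"/"users", so it is worth confirming against the cited glossary that both are meant to be listed as separate senses.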
Line 24: Line 28:
  
 
[[Category:Information]][[Category:Security]]
 
[[Category:Information]][[Category:Security]]
{{#set:defined by=United States|defined by=NIST}}
+
{{#set:defined by=IAEA|defined by=United States|defined by=NIST|defined by=DoD}}

Revision as of 16:03, 29 December 2016

International Definitions

IAEA

Need to know is
(1) A rule by which individuals, processes, and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions.
(2) A principle under which users, processes and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions. [1]



National Definitions

United States

NIST
Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. [2]

The terms “need-to-know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.

DoD
Need to know is a criterion used in security procedures that requires the custodians of classified information to establish, prior to disclosure, that the intended recipient must have access to the information to perform his or her official duties (source: JP 2-01.2). [3]




See also

Notes