Need-To-Know
Jump to navigation
Jump to search
Contents
International Definitions
IAEA
Need to know is
(1) A rule by which individuals, processes, and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions.
(2) A principle under which users, processes and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions. [1]
(1) A rule by which individuals, processes, and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions.
(2) A principle under which users, processes and systems are granted access to only the information, capabilities and assets which are necessary for execution of their authorized functions. [1]
National Definitions
Italy
Necessità di conoscere: Principio che subordina l’accesso a determinate informazioni all’effettiva indispensabilità ai fini dello svolgimento di specifici compiti istituzionali. [2]
In materia di tutela della sicurezza delle informazioni, è una condizione aggiuntiva rispetto al possesso del Nulla Osta di Sicurezza per accedere ad informazioni con classifica superiore a riservato.
United States
NIST
Need-to-know (NTK) is a method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. [3]
The terms ‘need-to know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.
DoD
Need to know is a criterion used in security procedures that requires the custodians of classified information to establish, prior to disclosure, that the intended recipient must have access to the information to perform his or her official duties (source: JP 2-01.2) [4]
See also
Notes
- ↑ IAEA - Nuclear Security Series Glossary Version 1.3 (November 2015)
- ↑ IL LINGUAGGIO DEGLI ORGANISMI INFORMATIVI Glossario (2013)
- ↑ NISTIR 7298 rev 2: Glossary of Key Information Security Terms, May 2013
- ↑ Joint Publication 1-02: Department of Defense Dictionary of Military and Associated Terms (2016)
