Term:Sensitive Information

From FISMApedia
Jump to: navigation, search

CNSSI 4009

Sensitive Information - Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 (P.L.100-235).)

DoDD 8500.01E

Sensitive Information - Information the loss, misuse, or unauthorized access to or modification of could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Section 552a of title 5, United States Code, "The Privacy Act" ( reference (ac)), but which has not been specifically authorized under criteria established by Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy (Section 278g-3 of title 15, United States Code, "The Computer Security Act of 1987" ( reference (ad)).) This includes information in routine DoD payroll, finance, logistics, and personnel management systems. Sensitive information sub- categories include, but are not limited to the following: E2.1.41.1. For Official Use Only (FOUO). In accordance with DoD 5400.7-R ( reference (ae)), DoD information exempted from mandatory public disclosure under the Freedom of Information Act (FOIA) ( reference (af)). E2.1.41.2. Privacy Data. Any record that is contained in a system of records, as defined in the reference (ac) and information the disclosure of which would constitute an unwarranted invasion of personal privacy. E2.1.41.3. DoD Unclassified Controlled Nuclear Information (DoD UCNI). Unclassified information on security measures (security plans, procedures and equipment) for the physical protection of DoD Special Nuclear Material (SNM), equipment, or facilities in accordance with DoD Directive 5210.83 ( reference (ag)). Information is Designated DoD UCNI when it is determined that its unauthorized disclosure could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by increasing significantly the likelihood of the illegal production of nuclear weapons or the theft, diversion, or sabotage of DoD SNM, equipment, or facilities. E2.1.41.4. Unclassified Technical Data. Data that is not classified, but is subject to export control and is withheld from public disclosure according to DoD Directive 5230.25 ( reference (ah)). E2.1.41.5. Proprietary. Information that is provided by a source or sources under the condition that it not be released to other sources. E2.1.41.6. Foreign Government Information. Information that originated from a foreign government and that is not classified CONFIDENTIAL or higher, but must be protected in accordance with reference (o). E2.1.41.7. Department of State Sensitive But Unclassified (DoS SBU). Information which originated from the DoS that has been determined to be SBU under appropriate DoS information security polices. E2.1.41.8. Drug Enforcement Administration (DEA) Sensitive Information. Information originated by the DEA that requires protection against unauthorized disclosure to protect sources and methods of investigative activity, evidence, and the integrity of pretrial investigative reports. E2.1.41.

DoDD 8581.01

Sensitive Information - Information whose loss, misuse, or unauthorized access to or modification of may adversely affect the national interest, the conduct of Federal programs, or the privacy to which individuals are entitled under 5 U.S.C. 552a ( reference (q)), but is not authorized to be kept secret in the interest of national defense or foreign policy under criteria established by an Executive Order or Act of Congress. This includes information in routine DoD payroll, finance, logistics, and personnel management systems. Examples of information to be treated as DoD sensitive include, but are not limited to, the following categories: E2.1.36.1. For Official Use Only. In accordance with DoD 5400.7-R ( reference (r)), DoD information exempted from mandatory public disclosure under the Freedom of Information Act ( reference (s)). E2.1.36.2. Unclassified Technical Data. Data related to military or dual-use technology which is subject to approval, licenses or authorization under the Arms Export Control Act ( reference (t)) is withheld from public disclosure in accordance with DoD Directive 5230.25 ( reference ( u)). E2.1.36.3. Department of State, Sensitive But Unclassified (SBU). Information that originated from the Department of State (DoS) that has been determined to be SBU under appropriate DoS information security polices. E2.1.36.4. Foreign Government Information. Information which originated from a foreign government and which is not classified CONFIDENTIAL or higher but must be protected in accordance with DoD 5200.1-R ( reference (v)). E2.1.36.5. Privacy Data. Any record, which is contained in a system of records, as defined in reference (p), and information the disclosure of which may constitute an unwarranted invasion of personal privacy. E2.1.36.6. DoD Unclassified Controlled Nuclear Information (DoD UCNI). Unclassified information on security measures (including security plans, procedures and equipment) for the physical protection of DoD Special Nuclear Material (SNM), equipment, or facilities in accordance with DoD Directive 5210.83 ( reference (w)). Information is designated DoD UCNI only when it is determined that its unauthorized disclosure may reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by increasing significantly the likelihood of the illegal production of nuclear weapons or the theft, diversion, or sabotage of DoD SNM, equipment, or facilities. E2.1.36.7. Proprietary Information. Information that is provided by a source or sources under the condition that it not be released to other sources. E2.1.36.8. Upper-Tier Data and Imagery. Upper-tier data and imagery are those designated under the terms of a commercial remote sensing system operator's license issued under reference (n) as being available only to the USG or to USG- approved customers. E2.1.36.9. Exclusive USG Use and Access Data and Imagery. Data and imagery from a commercial remote sensing system available exclusively to the USG are those data and imagery designated as upper-tier under the terms of a commercial remote sensing system operator's license issued under reference (n), those data and imagery covered under the terms of a USG order requiring the operator to limit data collection and/or distribution by the system during periods when national security or international obligations may be compromised (commonly referred to as "shutter control" orders), or data and imagery procured under the termsof an exclusive purchase contract. All such data and products are limited to the exclusive use and access by the USG or to USG-approved customers and they require special security and protection measures. E2.1.36.

DoDI 8500.02

Sensitive Information - Information, the loss, misuse, or unauthorized access to or modification of, could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Section 552a of title 5, United States Code, "The Privacy Act" ( reference (z)), but which has not been specifically authorized under criteria established by Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy. (Section 278g-3 of title 15, United States Code, "The Computer Security Act of 1987" ( reference (aa)). Examples of sensitive information include, but are not limited to information in DoD payroll, finance, logistics, and personnel management systems. Sensitive information sub- categories include, but are not limited to, the following: E2.1.51.1. For Official Use Only (FOUO). In accordance with DoD 5400.7-R ( reference (ab)), DoD information exempted from mandatory public disclosure under the Freedom of Information Act (FOIA) ( reference (ac)). E2.1.51.2. Privacy Data. Any record that is contained in a system of records as defined in the Privacy Act of 1974 (5 U.S.C. 552a) ( reference (z)) and information the disclosure of which would constitute an unwarranted invasion of personal privacy. E2.1.51.3. DoD Unclassified Controlled Nuclear Information (DoD UCNI). Unclassified Information on security measures (including security plans, procedures, and equipment) for the physical protection of DoD Special Nuclear Material (SNM), equipment, or facilities in accordance with DoD Directive 5210.83 ( reference (ad)). Information is Designated DoD UCNI only when it is determined that its unauthorized disclosure could reasonably be expected to have a significant adverse effect on the health and safety of the public or the common defense and security by increasing significantly the likelihood of the illegal production of nuclear weapons or the theft, diversion, or sabotage of DoD SNM, equipment, or facilities. E2.1.51.4. Unclassified Technical Data. Data that is not classified but is subject to export control and is withheld from public disclosure according to DoD Directive 5230.25 ( reference (ae)). E2.1.51.5. Proprietary Information. Information that is provided by a source or sources under the condition that it not be released to other sources. E2.1.51.6. Foreign Government Information. Information that originated from a foreign government and that is not classified CONFIDENTIAL or higher, but must be protected in accordance with DoD 5200.1-R ( reference (m)). E2.1.51.7. Department of State Sensitive But Unclassified (DoS SBU). Information that originated from the Department of State (DoS) that has been determined to be SBU under appropriate DoS information security polices. E2.1.51.8. Drug Enforcement Administration (DEA) Sensitive Information. Information that is originated by the Drug Enforcement Administration and requires protection against unauthorized disclosure to protect sources and methods of investigative activity, evidence, and the integrity of pretrial investigative reports. E2.1.51.

DoDI 8523.01

Sensitive Information - See Reference (e). E2.9.

GAO-09-232G

Sensitive Information - Any information that an entity has determined requires heightened protection from unauthorized access, use, disclosure, disruption, modification, or destruction [e.g., by using specific access controls] because of the nature of the information (e.g., personal information required to be protected by the Privacy Act, proprietary commercial information, information critical to law enforcement activities, and information that has or may be determined to be exempt from public release under the Freedom of Information Act).

NIST SP 800-26

Sensitive Information - Sensitive Information refers to information whose loss, misuse, or unauthorized access to or modification of could adversely affect the national interest or the conduct of Federal programs or the privacy to which individuals are entitled.

NIST SP 800-53r3

Sensitive Information - Information, the loss, misuse, or unauthorized access to or modification of, that could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. [CNSSI 4009]

NSTISSI 1000

Sensitive Information - Information, the loss, misuse, or unauthorized access to or modification of, which could adversely affect the national interest or the conduct of the federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552A (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (Systems that are not national security systems, but contain sensitive information, are to be protected in accordance with the requirements of the Computer Security Act of 1987 (P.L. 100-235).)