The IT Law Wiki


32,195pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definitions Edit

General Edit

Need-to-know is

the necessity for access to, knowledge of, or possession of specific information required to carry out official duties.[1]
[a] determination which is made by an authorized holder of classified or proprietary information as to whether or not a prospective recipient requires access to specific the information in order to perform or assist in a lawful and authorized governmental function.[2]
[t]he determination made by an authorized user of information that a prospective recipient requires access to specific information to perform or assist in a lawful and authorized governmental function, i.e., access is required for the performance of official duties.[3]
[a] method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. The terms "need-to know" and "least privilege" express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.[4]
a practice that restricts information or resources in the execution of a task outside of what is critical in order to complete that task, despite clearance level.[5]
[r]equested information is pertinent and necessary to the requestor agency in initiating, furthering, or completing an investigation.[6]

Security Edit

Need-to-know means that as a result of jurisdictional, organizational, or operational necessities, intelligence or information is disseminated to further an investigation.

References Edit

  1. A Guide to Understanding Information System Security Officer Responsibilities for Automated Information Systems.
  2. OPSEC Glossary of Terms.
  3. Protected Critical Infrastructure Information Program Procedures Manual, at App. 2-4.
  4. CNSSI 4009.
  5. A Comparison of Cross-Sector Cyber Security Standards, at 11 n.14.
  6. Criminal Intelligence File Guidelines.

See also Edit

Also on Fandom

Random Wiki