Mechanisms exist to restrict the disclosure of sensitive/regulated data to authorized parties with a need to know.
Control Question
Assessment question for control validation
Does the organization restrict the disclosure of sensitive/regulated data to authorized parties with a need to know?
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
ESP Level 2: DCH-03.1
ESP Level 3: DCH-03.1