Ver:
es aquel
[modo seguro de operación] en el que todo el personal con acceso al Sistema
está autorizado para acceder al grado más elevado de clasificación de la
información manejada en el Sistema, y además posee la misma necesidad de
conocer. La separación de los datos no es un requisito del Sistema.
[CCN-STIC-001:2006]
El sistema se
emplea por personal habilitado con el mayor grado de clasificación y teniendo
en común la misma "necesidad de conocer" para toda la información
contenida en el sistema; la separación de los datos no es un requisito del
sistema. [CCN-STIC-103:2006]
Information
systems security mode of operation wherein each user, with direct or indirect
access to the system, its peripherals, remote terminals, or remote hosts, has
all of the following: 1) valid security clearance for all information within
the system, 2) formal access approval and signed nondisclosure agreements for
all the information stored and/or processed (including all compartments,
subcompartments, and/or special access programs), and 3) valid need-to-know for
all information contained within the information system. When in the dedicated
security mode, a system is specifically and exclusively dedicated to and
controlled for the processing of one particular type or classification of
information, either for full-time operation or for a specified period of time.
[CNSSI_4009:2010]
(I) A mode of
system operation wherein all users having access to the system possess, for all
data handled by the system, both (a) all necessary authorizations (i.e.,
security clearance and formal access approval) and (b) a need-to-know. (See:
/system operation/ under "mode", formal access approval, need to
know, protection level, security clearance.) [RFC4949:2007]
Temas relacionados