This control does not prescribe the use of any specific tool or technology. Understanding data types and location, and when the data is transmitted internally and outside of the boundary can be accomplished through multiple implementations. This functionality should be in place in operations and can inform design and architecture decisions. If there is a single solution or there are multiple technologies that use automated mechanisms to identify the location and type of data and protect the organizational and privacy data, that meets the intent of the control. The solution should be documented in the SSP. Ultimately, the authorizing official will determine if the documented solution meets the intent of the control and properly identifies and protects the organizational and privacy information.
Comments
0 comments
Please sign in to leave a comment.