Status: Live
Ensure that the system has capabilities for assigning the appropriate information classification categories to information being imported manually. [UCF ID 04555]
Supporting and supported controls
This control directly supports:
- • Capture records as defined by organizational policy [UCF Control ID 00912]
There are no supporting controls.
Authority documents complied with:
ISO/IEC 15408-2:2008 Common Criteria for Information Technology Security Evaluation Part 2, 2008, § 11.7, § F.7
ISO Guidance
The security policy of the system should be enforced when importing user data from outside the system. Some examples of user data are data from floppy disks, scanners, or video signals without any security attributes, importing data from a medium and verifying the attributes are appropriate, and importing using cryptographic techniques. When importing user data, the security attributes will be transferred with the data. If the user data does not have attributes associated with it, the system will assign the data appropriate security attributes. [§ 11.7, § F.7, ISO/IEC 15408-2:2008 Common Criteria for Information Technology Security Evaluation Part 2, 2008]
Metrics
The metrics associated with this control are as follows:
- • Report on the percentage of information assets that have been reviewed and classified [UCF Control ID 02053]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.