UCF ID: 04555 |
Control Type: Process or Activity |
Status: Live |
Supporting and supported controls
This control directly supports:
- • Capture the records required by the organizational policy. [UCF Control ID 00912]
There are no supporting controls.
Authority documents complied with:
ISO/IEC 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008, § 11.7, § F.7
ISO Guidance
The security policy of the system should be enforced when importing user data from outside the system. Some examples of user data are data from floppy disks, scanners, or video signals without any security attributes, importing data from a medium and verifying the attributes are appropriate, and importing using cryptographic techniques. When importing user data, the security attributes will be transferred with the data. If the user data does not have attributes associated with it, the system will assign the data appropriate security attributes. [§ 11.7, § F.7, ISO/IEC 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008]
Metrics
The metrics associated with this control are as follows:
- • Report on the percentage of information assets that have been reviewed and classified. [UCF Control ID 02053]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.