Establish, implement, and maintain a record classification scheme.


CONTROL ID
00914
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain records management policies., CC ID: 00903

This Control has the following implementation support Control(s):
  • Establish, implement, and maintain a business activity classification standard., CC ID: 00915
  • Establish, implement, and maintain records registration procedures., CC ID: 00913
  • Define the terms used in the record classification scheme., CC ID: 00916
  • Establish, implement, and maintain a records authentication system., CC ID: 11648
  • Allocate record identifiers to reference the records as a part of document tracking., CC ID: 11662
  • Allocate document serial numbers to reference the records as a part of document tracking., CC ID: 00917
  • Establish and maintain an index of all official records., CC ID: 00918
  • Associate records with their security attributes., CC ID: 06764
  • Establish, implement, and maintain electronic signature requirements., CC ID: 06219


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • All information stored in a database and that may be exported to a different system or contains different classifications should be labeled appropriately. (§ 3.5.30, Australian Government ICT Security Manual (ACSI 33))
  • There should be a process in place for managing the organization's documents throughout the complete document lifecycle, including categorisation of important documents as records. (CF.03.02.06b, The Standard of Good Practice for Information Security)
  • There should be a process in place for managing the organization's documents throughout the complete document lifecycle, including categorisation of important documents as records. (CF.03.02.06b, The Standard of Good Practice for Information Security, 2013)
  • Business activities should be classified because they provide the organization with multiple benefits. These include: providing linkages between individual records which accumulate to provide a continuous record of activity, ensuring records are named in a consistent manner over time, assisting in t… (§ 9.5, ISO 15489-1:2001, Information and Documentation: Records management: Part 1: General)
  • The organization is required to create a business classification scheme and functions-based processes for deciding what records need to be captured and how long they should be retained. (§ 3.2.2, ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure systems derive their terminology from business activities and business functions, not Organizational Unit names. (§ 4.2.2.2 ¶ 8(a), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure classification systems are specific for each organization and provide a standard and consistent way to share information amongst organizational units for interrelated functions. (§ 4.2.2.2 ¶ 8(b), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure classification systems are hierarchical. (§ 4.2.2.2 ¶ 8(c), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure classification systems have unambiguous terms that reflect organizational usage. (§ 4.2.2.2 ¶ 8(d), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure the classification system has enough groupings and sub-groupings for all of the business activities and business functions that are being documented. (§ 4.2.2.2 ¶ 8(e), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure that classification systems have discrete groupings. (§ 4.2.2.2 ¶ 8(f), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure that classification systems are created in consultation with the records creators. (§ 4.2.2.2 ¶ 8(g), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • Classification system developers may ensure that classification systems are kept up-to-date to reflect changing business needs, business functions, and business activities. (§ 4.2.2.2 ¶ 8(h), ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines)
  • All records should be categorized into record types and have the retention periods and type of storage media needed assigned. (§ 15.1.3, ISO 27002 Code of practice for information security management, 2005)
  • All of the documented information should be classified (see ISO/IEC 27001:2013, A.8.2.1) in accordance with the organization's classification scheme. Documented information should be protected and handled in accordance with its classification level (see ISO/IEC 27001:2013, A.8.2.3). (§ 7.5.3 Guidance ¶ 2, ISO/IEC 27003:2017, Information technology — Security techniques — Information security management systems — Guidance, Second Edition, 2017-03)
  • providing templates for different types of documented information; (§ 7.5.2 Guidance ¶ 2(c), ISO/IEC 27003:2017, Information technology — Security techniques — Information security management systems — Guidance, Second Edition, 2017-03)
  • Procedures exist to classify data in accordance with classification policies and monitor and update the classification on a periodic basis. (Security Prin. and Criteria Table § 3.8, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • Procedures exist to classify data in accordance with classification policies and monitor and update the classification on a periodic basis. (Availability Prin. and Criteria Table § 3.11, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • Procedures exist to classify data in accordance with classification policies and monitor and update the classification on a periodic basis. (Processing Integrity Prin. and Criteria Table § 3.12, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • Each Transmission Owner shall implement procedures, such as the use of non-disclosure agreements, for protecting sensitive or confidential information made available to the unaffiliated third party verifier and to protect or exempt sensitive or confidential information developed pursuant to this Rel… (B. R2. 2.4., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Physical Security CIP-014-3, Version 3)
  • The organization must classify its technology or technical data to determine if an export license is required. (Part 6, Form I-129, Petition for a Nonimmigrant Worker, 11/23/10)
  • The Records Management Application shall be able to allow authorized individuals to select when data collection for optional metadata fields is required. (§ C2.2.3.4, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to create, view, save, and print the complete or user-specified parts of the record metadata in a user-selectable order. (§ C2.2.3.6, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to allow authorized individuals to arrange the record metadata components and user-defined record components on the data entry screens for filing. (§ C2.2.3.7, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall not allow metadata fields that this standard states are not editable to be modified. (§ C2.2.3.9, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall restrict the defining and adding of user-defined metadata fields for site-specific requirements to authorized individuals. (§ C2.2.3.13, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to view, print, or save the metadata associated with a specified record, set of records, or user-specified portions in a user-selectable order. (§ C2.2.3.14, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to allow only authorized individuals to limit the record folders and record categories available to a user or workgroup. (§ C2.2.3.15, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall only show users the record categories or folders that are available to them for filing. (§ C2.2.3.15, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to allow only authorized individuals to change the record folder or record category associated with the record. (§ C2.2.3.16, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to link original superseded records to their successor records. (§ C2.2.3.18, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to support multiple renditions of a record, which shall all be linked and associated. (§ C2.2.3.19, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to increment the versions of the records while filing, along with linking and associating all versions. (§ C2.2.3.20, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to automatically synchronize multiple databases and repositories. (§ C2.2.3.24, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to let users create and maintain shortened quick-pick lists from the authorized lists. (§ C2.2.3.25, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to let users create and maintain templates to automatically populate commonly used data into the record metadata fields. (§ C2.2.3.26, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall treat e-mail messages the same as other records, and they are subject to all requirements of this standard. (§ C2.2.4.1, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall capture and automatically store the transmission data and receipt data that is identified in table c2.t4, if it is available, as part of the metadata when the e-mail is filed as a record. (§ C2.2.4.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall provide authorized individuals with the ability to show when named events occurred for records and record folders with event-driven and time-event-driven dispositions. (§ C2.2.6.1.4, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall include a field for authorized individuals to enter the reason for freezing a record or record folder. (§ C2.2.6.4.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall have the ability to enter the date when records that are associated with a vital records folder are reviewed and updated. (§ C2.2.6.7.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall have the capability to file the audit data as a record. (§ C2.2.8.4, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have the capability to reorganize the file plan and automatically make those changes to all affected records and record folders. (§ C3.2.1, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have the capability for authorized individuals to bulk load the organization's pre-existing file plan. (§ C3.2.2.1, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have the capability for authorized individuals to bulk load electronic records. (§ C3.2.2.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have the capability for authorized individuals to bulk load record metadata. (§ C3.2.2.3, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The organization may determine that the Records Management Application needs to interface with desktop or server-based fax products in order to capture the fax in electronic format. (§ C3.2.7, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The organization may determine that it needs to use a bar code system with the Records Management Application. (§ C3.2.8, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have additional search and retrieval features and should include the capability to create, modify, or import more thesauri. (§ C3.2.9, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The organization may determine that the Records Management Application should have the capability to manage a document's draft versions and working versions and other potential record materials as they are being developed. (§ C3.2.11, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have the capability to implement the Government Information Locator Service requirements. (§ C3.2.16, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should provide additional features to manage hardcopy records and other offline archives. (§ C3.2.17, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall populate the "current classification" field with the "initial classification" data when it is first entered. (§ C4.1.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall be able to allow users to edit the "current classification" field before filing. (§ C4.1.3, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall require that the "classified by" and "reason(s) for classification" fields must be populated if the "derived from" field is not populated. (§ C4.1.4, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall provide the option of entering multiple "classified by" and "reason(s) for classification" fields when the "derived from" field is populated. (§ C4.1.5, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall have the ability to enter multiple sources when the classified information is derived from multiple sources. (§ C4.1.6, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall prompt the user to enter a description of the declassification event when the "event" option is selected in the "declassify on" field. (§ C4.1.7, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application shall have the capability for authorized individuals to establish and maintain the time period used to verify the "declassify on" field. (§ C4.1.9, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The "reason(s) for classification" field shall be automatically populated when a designated classification guide indicator is entered into the "derived from" field. (§ C4.1.10.1, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The "initial classification" field shall be automatically populated when a designated classification guide indicator is entered into the "derived from" field. (§ C4.1.10.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The "declassify on" field shall be automatically populated when a designated classification guide indicator is entered into the "derived from" field. (§ C4.1.10.3, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c4.1.9 (establishing and maintaining the time period used for verifying the "declassify on" field) shall be accomplished by an Application Administrator (setting up and installing the database) or a privileged user (entering a… (Table C4.T2 Requirement C4.1.9, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The Records Management Application should have the capability to notify the user that a redacted version is available in an open Records Management Application. (§ C4.2.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c2.2.3.4 (selecting when data collection for optional metadata fields is required) shall be accomplished by an Application Administrator (during setup) or a records manager (advising). (Table C2.T5 Requirement C2.2.3.4, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c2.2.3.7 (arranging record metadata components and user-defined record components on the data entry screens) shall be accomplished by an Application Administrator (during setup) or a records manager (advising). (Table C2.T5 Requirement C2.2.3.7, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c2.2.3.13 (defining and adding user-defined metadata fields for site-specific requirements) shall be accomplished by an Application Administrator (during setup) or a records manager (advising). (Table C2.T5 Requirement C2.2.3.13, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c2.2.3.15 (limiting the record folders and record categories shown to workgroups or users) shall be accomplished by an Application Administrator (setting up record categories), a records manager (setting up record folders), or… (Table C2.T5 Requirement C2.2.3.15, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c2.2.3.16 (changing a record folder or record category) shall be accomplished, as necessary, by an Application Administrator or a records manager. (Table C2.T5 Requirement C2.2.3.16, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c2.2.6.1.4 (indicating when a named event has occurred for records or record folders) shall be accomplished by an Application Administrator (setting up the database), a records manager (linking dispositions to record categorie… (Table C2.T5 Requirement C2.2.6.1.4, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c2.2.6.4.2 (entering the reason for freezing a record or record folder) shall be accomplished by an Application Administrator (setting up the database rules and business rules) or a records manager (freezing or unfreezing the … (Table C2.T5 Requirement C2.2.6.4.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • The responsibilities of the authorized individuals referred to in section c3.2.2 (bulk load capability) should be accomplished, as necessary, by an Application Administrator or a records manager. (Table C2.T5 Requirement C3.2.2, Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2)
  • Technical Surveillance Countermeasure program information shall be classified in accordance with the organization's regulatory documents. (§ 5.7, DoD Instruction 5240.5, DoD Technical Surveillance Countermeasures (TSCM) Survey Program, May 23, 1984)
  • Restricted data (RD) and formerly restricted data (FRD) remain classified until an authorized Government official declassifies it. The Department of Energy (DOE) determines when RD information may be declassified, and the DOE, along with the Department of Defense (DoD), determines when FRD informati… (§ 9-106, NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006)
  • Ch 3 (Records Creation Requirements): The content originator must review, evaluate, and cost the information by reviewing content to ensure a federal requirement exists for creating the information; evaluating its worth in terms of current and future worth; and assigning the information a retention … (Ch 3 (Records Creation Requirements), Ch 6 (Electronic Recordkeeping Systems).d, Department of Health and Human Services Records Management Procedures Manual, Version 1.0 Final Draft)
  • To meet the minimum requirements for records maintenance, the organization must group information together by common subject matter when it is being created or accumulated and keep it with information with the same retention value. The retention value must be assigned by the originator. (Ch 4 (Maintenance Procedures).a, Department of Health and Human Services Records Management Procedures Manual, Version 1.0 Final Draft)
  • Determine whether there are separate accounts to control holdovers, adjustments, return items, rejects, etc. and whether they are periodically reconciled. (App A Tier 2 Objectives and Procedures I.11, FFIEC IT Examination Handbook - Retail Payment Systems, April 2016)