Back

Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity.


CONTROL ID
06243
CONTROL TYPE
Data and Information Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain information flow procedures., CC ID: 04542

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Without prejudice to paragraph 1, information exchanged on a confidential basis between the national competent authorities and between national competent authorities and the Commission shall not be disclosed without the prior consultation of the originating national competent authority and the user … (Article 70 2. ¶ 1, Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
  • Title IX of the Public Health Service Act (42 U.S.C. 299b-22), § 922(c)(2)(A), is amended to state that a provider or patient safety organization, for patient safety activities, shall disclose patient safety work product. (§ 2(a)(5), Patient Safety And Quality Improvement Act Of 2005, Public Law 109-41, 109th Congress)
  • § 3.206(b)(4)(iv) Providers and patient safety organizations, for patient safety activities, may disclose to other patient safety organizations and providers nonidentifiable patient safety work product. § 3.206(b)(5) Providers and patient safety organizations may disclose nonidentifiable patient s… (§ 3.206(b)(4)(iv), § 3.206(b)(5), 42 CFR Part 3, Patient Safety and Quality Improvements, Final Rule)
  • The integrity of the security parameters that are exchanged between the smart grid Information Systems should be validated by the system. (SG.SC-14 Additional Considerations A1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)