Data classification defines and categorizes data according to its type, sensitivity, and value. It helps ensure data confidentiality/integrity and makes it easier to access (Organizations usually design their data classification models and categories)
Classification based on reviewing each piece of data and looking for sensitive information
Classification based on metadata and environmental information (Indirect indicators of sensitive information) like the application or the person that created the document
Classification based on a person's discretion and knowledge (User needs to know what's inside the document)
Data requires the highest degree of protection, and disclosure of it would cause exceptionally grave damage to national security
- Policy for conducting intelligence
Disclosure of it would cause serious damage to national security
- Indications of weakness
Disclosure of it would cause damage to national security
- Intelligence reports
Data is not classified and disclosure of it would cause limited damage to national security
- For Official Use Only (FOUO)
- Limited Official Use (LOU)
- Official Use Only (OUO)
Data is not classified and non-sensitive
High sensitive data and access is restricted to specific individuals or authorized third parties (disclosure to it would lead to permanent damage)
- SSN
- Credit cards
- Criminal Record
- Medical info
- Biometric data
Sensitive data that is team-wide and disclosure to it would harm the origination operation
- Vendor contracts
- Employees salaries
- Names, addresses, and dates
Non-Sensitive data that is origination-wide and cannot be disclosed to anyone
- Internal policies
- Internal user guides
- Ogrinzaitonl charts
- Project documents
Information that can be disclosed to anyone
- Public API documents
- Job titles and names
- Open API Data
26cd3e61-5f3f-422b-85bd-80734411a7e8