SC-42(1): Reporting To Authorized Individuals Or Roles

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization ensures that the information system is configured so that data or information collected by the [Assignment: organization-defined sensors] is only reported to authorized individuals or roles.

Supplemental Guidance

In situations where sensors are activated by authorized individuals (e.g., end users), it is still possible that the data/information collected by the sensors will be sent to unauthorized entities.