AC-21 Information Sharing

Access Control

Moderate, High

Description

a. Enable authorized users to determine whether access authorizations assigned to a sharing partner match the information's access and use restrictions for [Assignment: organization-defined information sharing circumstances where user discretion is required]; and

b. Employ [Assignment: organization-defined automated mechanisms or manual processes] to assist users in making information sharing and collaboration decisions.

Supplemental Guidance

Information sharing applies to information that may be restricted in some manner based on some formal or administrative determination. Examples of such information include contract-sensitive information, classified information related to special access programs or compartments, privileged information, proprietary information, and personally identifiable information. Security and privacy risk assessments as well as applicable laws, regulations, and policies can provide useful guidance for discretionary information-sharing decisions.

Changes from Rev 4

No significant changes from Rev 4.

Compliance Mappings

ISO 27002:2022: 5.15

COBIT 2019: DSS05

NIS2 Directive: Art. 21(2)(i)

MAS TRM: 9

BSI IT-Grundschutz: ORP.4

BIO2: 5.15

RBI CSF: Annex1.15

DNB Good Practice: DNB.18.5

UAE IA: T9

Qatar NIA: AC

BoG CISD: CISD-VIII

BCBS 239: Principle 11

FFIEC IS: II.C.13

NYDFS 500: 500.18

CMMC 2.0: AC

ISAE 3402: Clause 8

NAIC Insurance Data Security: 8