Data is protected from unauthorized access, accurate, and available when needed. Data is secured and controlled along the whole data life cycle, subject to requirements, legal restrictions, and data owner specifications. Data is protected with respect to confidentiality, integrity, availability, authentication and non-repudiation, while at rest, in transit, and in use.
Source | AC/322-D(2024)0166 |
Remark/Example | The principle of data security underscores the importance of protecting data throughout its lifecycle, adhering to requirements, legal restrictions, and data owner specifications. This involves safeguarding data at rest, in use, and in transit with respect to confidentiality, integrity, availability, authentication and non-repudiation. Comprehensive data security strategies encompassing people, processes, and technologies are essential to mitigate physical and cyber threats effectively. Allies and the NATO Enterprise prioritize information security by implementing measures such as federated identity and access management, security classification standards, data loss prevention technologies, and compliance testing. Additionally, fostering a security-conscious organizational culture through employee training and delineating data security roles and responsibilities reinforces this principle. Compliance with NATO Security Policies is paramount to safeguarding NATO data across all operations, ensuring data protection within applications, analytics, and C4ISR and combat systems. Employing disciplined approaches like attribute-based access control enhances data security while maximizing its utility. Progress in achieving data security is evidenced by implementing granular privilege management, regularly assessing classification criteria, and enforcing compliance standards. Furthermore, the implementation of approved security markings, data loss prevention technology, and robust auditing mechanisms ensures that only authorized users can access and share data securely, with access and handling restriction metadata bound to data in an immutable manner. |