| SRG-OS-000036 |
CCI-000099 |
The operating system must employ automated
mechanisms to enable authorized users to make information
sharing decisions based on access authorizations of sharing
partners and access restrictions on information to be
shared. |
Depending on the information sharing
circumstance, the sharing partner may be defined at the
individual, group, or organization level and information may
be defined by specific content, type, or security
categorization. The operating system must restrict data in
some manner (e.g., privileged medical, contract-sensitive,
proprietary, personally identifiable information, special
access programs/compartments) and must provide the
capability to automatically enable authorized users to make
information sharing decisions based upon access
authorizations. |