Database content is protected from personnel without a need-to-know.]]>
This section covers information relating to databases and interfaces to databases such as search engines.]]>
Protective markings can be applied to records, tables or to the database as a whole, depending on structure and use. Query results will often need a protective marking to reflect the aggregate of the information retrieved.]]>
Agencies MUST ensure that all classified information stored within a database is associated with an appropriate protective marking if the information:
- could be exported to a different system; or
- contains differing classifications or different handling requirements.
]]>
Agencies MUST ensure that protective markings are applied with a level of granularity sufficient to clearly define the handling requirements for any classified information retrieved or exported from a database.]]>
Agencies SHOULD ensure that all classified information stored within a database is associated with an appropriate protective marking if the information:
- could be exported to a different system; or
- contains differing classifications or different handling requirements.
]]>
Agencies SHOULD ensure that protective markings are applied with a level of granularity sufficient to clearly define the handling requirements for any classified information retrieved or exported from a database.]]>
Even though a database may provide access controls to stored data, the database files themselves MUST also be protected.]]>
Agencies MUST protect database files from access that bypasses the database’s normal access controls.]]>
Agencies SHOULD protect database files from access that bypass normal access controls.]]>
If system users’ interactions with databases are not logged and audited, agencies will not be able to appropriately investigate any misuse or compromise of database content.]]>
Agencies MUST enable logging and auditing of system users’ actions.]]>
Agencies SHOULD ensure that databases provide functionality to allow for auditing of system users’ actions.]]>
Even if a search engine restricts viewing of classified information that a system user does not have sufficient security clearances to access, the associated metadata can contain information above the security clearances of the system user. In such cases, restricting access to, or sanitising, this metadata effectively controls the possible release of information the system user is not cleared to view.]]>
If results from database queries cannot be appropriately filtered, agencies MUST ensure that all query results are appropriately sanitised to meet the minimum security clearances of system users.]]>
Agencies SHOULD ensure that system users who do not have sufficient security clearances to view database contents cannot see or interrogate associated metadata in a list of results from a search engine query.]]>