SC-42(2)
-
Requirement
Employ the following measures so that data or information collected by [Assignment: organization-defined sensors] is only used for authorized purposes: [Assignment: organization-defined measures].
-
Discussion
Information collected by sensors for a specific authorized purpose could be misused for some unauthorized purpose. For example, GPS sensors that are used to support traffic navigation could be misused to track the movements of individuals. Measures to mitigate such activities include additional training to help ensure that authorized individuals do not abuse their authority and, in the case where sensor data is maintained by external parties, contractual restrictions on the use of such data.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!