SC-42 (1) Reporting To Authorized Individuals Or Roles | | In situations where sensors are activated by authorized individuals (e.g., end users), it is still possible that the data/information collected by the sensors will be sent to unauthorized entities. The organization ensures that the information system is configured so that data or information collected by the Assignment: organization-defined sensors is only reported to authorized individuals or roles. Information collected by sensors for a specific authorized purpose potentially could be misused for some unauthorized purpose. For example, GPS sensors that are used to support traffic navigation could be misused to track movements of individuals. Measures to mitigate such activities include, for example, additional training to ensure that authorized parties do not abuse their authority, or (in the case where sensor data/information is maintained by external parties) contractual restrictions on the use of the data/information. The organization employs the following measures: Assignment: organization-defined measures, so that data or information collected by Assignment: organization-defined sensors is only used for authorized purposes. SC-42 (3) Prohibit Use Of Devices | | For example, organizations may prohibit individuals from bringing cell phones or digital cameras into certain facilities or specific controlled areas within facilities where classified information is stored or sensitive conversations are taking place. The organization prohibits the use of devices possessing Assignment: organization-defined environmental sensing capabilities in Assignment: organization-defined facilities, areas, or systems. |