Title: The application must employ automated mechanisms enabling authorized users to make information sharing decisions based on access authorizations of sharing partners and access restrictions on information to be shared.
Vulnerability ID: V-32202
IA Controls: None
Description: User based collaboration and information sharing applications present challenges regarding classification and dissemination of information generated and shared among the application users. These types of applications are intended to share information created and stored within the application; however, not all users have a need to view all data created or stored within the collaboration tool.
Collaboration tools and all applications handling information that may be restricted in some manner (e.g., privileged medical, contract-sensitive, proprietary, personally identifiable information, special access programs/compartments) must provide the capability to automatically enable authorized users to make information sharing decisions based upon access authorizations.
Depending on the information-sharing circumstance, the sharing partner may be defined at the individual, group, or organization level and information may be defined by specific content, type, or security categorization.
This requirement is specific to collaboration software. This requirement is NA for databases.
Check Text: This check is NA for databases.
Fix Text: This fix is NA for databases.[divider]