The IT Law Wiki
The IT Law Wiki

Definitions[]

General[]

Need-to-know is

the necessity for access to, knowledge of, or possession of specific information required to carry out official duties.[1]
[a] determination which is made by an authorized holder of classified or proprietary information as to whether or not a prospective recipient requires access to specific the information in order to perform or assist in a lawful and authorized governmental function.[2]
[t]he determination made by an authorized user of information that a prospective recipient requires access to specific information to perform or assist in a lawful and authorized governmental function, i.e., access is required for the performance of official duties.[3]
[a] method of isolating information resources based on a user's need to have access to that resource in order to perform their job but no more. The terms "need-to know" and "least privilege" express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.[4]
a practice that restricts information or resources in the execution of a task outside of what is critical in order to complete that task, despite clearance level.[5]
[r]equested information is pertinent and necessary to the requestor agency in initiating, furthering, or completing an investigation.[6]

Security[]

Need-to-know means that as a result of jurisdictional, organizational, or operational necessities, intelligence or information is disseminated to further an investigation.

References[]

See also[]