PE-22 Component Marking
Mark pe-22_odp indicating the impact level or classification level of the information permitted to be processed, stored, or transmitted by the hardware component.
| Parameter ID | Definition |
|---|---|
| pe-22_odp | system hardware components |
Baselines
- L
- M
- H
- P
Guidance
Hardware components that may require marking include input and output devices. Input devices include desktop and notebook computers, keyboards, tablets, and smart phones. Output devices include printers, monitors/video displays, facsimile machines, scanners, copiers, and audio devices. Permissions controlling output to the output devices are addressed in AC-3 or AC-4 . Components are marked to indicate the impact level or classification level of the system to which the devices are connected, or the impact level or classification level of the information permitted to be output. Security marking refers to the use of human-readable security attributes. Security labeling refers to the use of security attributes for internal system data structures. Security marking is generally not required for hardware components that process, store, or transmit information determined by organizations to be in the public domain or to be publicly releasable. However, organizations may require markings for hardware components that process, store, or transmit public information in order to indicate that such information is publicly releasable. Marking of system hardware components reflects applicable laws, executive orders, directives, policies, regulations, and standards.
References 1
- IR 8023 Dempsey KL, Paulsen C (2015) Risk Management for Replication Devices. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Interagency or Internal Report (IR) 8023.
Related controls 4
- AC-03 Access Enforcement L M H P
- AC-04 Information Flow Enforcement L M H P
- AC-16 Security and Privacy Attributes L M H P
- MP-03 Media Marking L M H P