Which core protection principle restricts how much access is granted to CUI?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the DOD Instruction 5200.48 Controlled Unclassified Information (CUI) exam. Prepare with flashcards and multiple choice questions, each with detailed hints and explanations. Ensure success on your test day!

Multiple Choice

Which core protection principle restricts how much access is granted to CUI?

Explanation:
Access should be restricted to the minimum necessary for performing the required tasks. This is the idea behind the least privilege principle. By giving users only the smallest set of permissions they need to do their job with CUI, you reduce the chance of accidental mistakes, data leaks, or misuse if an account is compromised. For example, someone who only needs to read CUI for a specific project should not have editing or export rights, and their access should not extend to unrelated data. Need-to-know is related in that it determines whether a person should access the data at all, but least privilege focuses on the degree of access once approval is granted. Full access would defeat the purpose by broadening permissions far beyond what’s necessary, and public release is incompatible with protecting CUI.

Access should be restricted to the minimum necessary for performing the required tasks. This is the idea behind the least privilege principle. By giving users only the smallest set of permissions they need to do their job with CUI, you reduce the chance of accidental mistakes, data leaks, or misuse if an account is compromised. For example, someone who only needs to read CUI for a specific project should not have editing or export rights, and their access should not extend to unrelated data.

Need-to-know is related in that it determines whether a person should access the data at all, but least privilege focuses on the degree of access once approval is granted. Full access would defeat the purpose by broadening permissions far beyond what’s necessary, and public release is incompatible with protecting CUI.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy