SC-42(2)—Authorized Use
Control Description
Employ the following measures so that data or information collected by [Assignment: organization-defined sensors] is only used for authorized purposes: [Assignment: organization-defined measures].
Cross-Framework Mappings
Supplemental Guidance
Information collected by sensors for a specific authorized purpose could be misused for some unauthorized purpose. For example, GPS sensors that are used to support traffic navigation could be misused to track the movements of individuals. Measures to mitigate such activities include additional training to help ensure that authorized individuals do not abuse their authority and, in the case where sensor data is maintained by external parties, contractual restrictions on the use of such data.
Related Controls
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What policies govern the implementation of authorized use?
- How are system and communications protection requirements defined and maintained?
- Who is responsible for configuring and maintaining the security controls specified in SC-42(2)?
Technical Implementation:
- How is authorized use technically implemented in your environment?
- What systems, tools, or configurations enforce this protection requirement?
- How do you ensure that authorized use remains effective as the system evolves?
Evidence & Documentation:
- What documentation demonstrates the implementation of SC-42(2)?
- Can you provide configuration evidence or system diagrams showing this protection control?
- What logs or monitoring data verify that this control is functioning correctly?