NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-42(1)Reporting to Authorized Individuals or Roles

Verify that the system is configured so that data or information collected by the {{ insert: param, sc-42.01_odp }} is only reported to authorized individuals or roles.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

In situations where sensors are activated by authorized individuals, it is still possible that the data or information collected by the sensors will be sent to unauthorized entities.

Practitioner Notes

Ensure sensor data is only reported to authorized individuals or roles — not to unauthorized parties or systems that have no need for it.

Example 1: Configure security cameras to stream only to the security operations center and authorized security personnel. Lock down the DVR/NVR interface with strong authentication and restrict network access to the camera VLAN from management stations only.

Example 2: For GPS tracking on company vehicles, ensure the location data is only accessible to fleet management and the employee's direct supervisor. Implement role-based access in the fleet management application and audit all access to location data.

More System and Communications Protection Controls

SC-1 Policy and Procedures SC-2 Separation of System and User Functionality SC-2(1) Interfaces for Non-privileged Users SC-2(2) Disassociability