- Specify data and information clas

- Specify data and information classification, sensitivity, and
need-to-know requirements by information type.
- Create authentication and authorization system for users
to gain access to data by assigned privileges and
permission.
- Develop acceptable use procedures in support of the data
security policy.