This site has been deprecated in favor of https://attack.mitre.org and will remain in place until 11/1/22.
Operational Information Confidentiality
|Operational Information Confidentiality|
|IEC 62443-3-3:2013|SR 4.1|
|IEC 62443-4-2:2019|CR 4.1|
Deploy mechanisms to protect the confidentiality of information related to operational processes, facility locations, device configurations, programs, or databases that could be used to infer organizational trade secrets, recipes, and other intellectual property (IP). Example mitigations could include restricting read privileges, encrypting data, and obfuscating the information (e.g., facility cover terms, codenames). In many cases this mitigation may not be feasible to implement when the information is necessary to support critical engineering, maintenance, or operational functions.
Techniques Addressed by Mitigation
|Theft of Operational Information|Example mitigations could include minimizing the distribution and storage of operational information or obfuscating the information (e.g., facility cover terms, codenames). In many cases this information may be necessary to support critical engineering, maintenance, or operational functions; therefore, the mitigation may not be feasible to implement.|