What is Sensitive but Unclassified (SBU) Data?

What is SBU Data? 

SBU data is sensitive but unclassified data. The Computer Security Act of 1987, Public Law 100-235, defines ‘sensitive information’ as ‘any information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of Federal programs, or the privacy to which individuals are entitled under Section 552a of Title 5, United States Code (the Privacy Act) but which has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept secret in the interest of national defense or foreign policy.

The purposes of the Computer Security Act included developing standards and guidelines needed to assure the cost-effective security and privacy of sensitive information in Federal computer systems and establishing security plans by all operators of Federal computer systems that contain sensitive information.

How do I store it responsibly and other considerations?

In order to store the data, you need to use data at rest and data in motion technologies which requires an encryption method utilizing PKI (Public key infrastructure). It is important to remember that anytime you store SBU Data, it must be marked as SBU so that individuals having access to the SBU information are aware of its sensitivity and protection requirements and stay in compliance with NPR 1600.1A. 

Source: o365_data_guidance_and_encryption_instructions.pdf (nasa.gov)

Print Friendly, PDF & Email