Changes

Security/Data Classification

2,991 bytes removed, 17 January

Deploy https://github.com/mozilla/wikimo_content/pull/143 with new data classification model

<span style="background-color: #14892c; border-radius: .25em; color: #ffffff; display: inline-block; font-weight: bold;

margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">READY

The data classification is intended to allow Mozilla to operate effectively in the open while protecting sensitive information.

These data classification levels use the colors of the [[Security/Standard Levels|Standard Levels]].

~~If you think there~~ This classification scheme is ~~information that is improperly classified, we encourage you~~ solely meant to ~~work with~~ communicate who the ~~document owner, usingthis mana page as~~ intended audiences of a ~~reference. If you are unable to resolve this directly~~particular file is, ~~we encourage you to complete~~ not what type of content is contained within the ~~form athttp://mzl~~document.~~la/reclassify~~

Updates to this page should be submitted to the [https://github.com/mozilla/wikimo_opsec/ source repository on github].

Changes are detailed in the [https://github.com/mozilla/wikimo_opsec/commits/master commit history].

The ~~Enterprise Information~~ Mozilla Security Assurance team maintains this document.

</td>

</tr>

|

When sharing or distributing data, documents, etc. you are responsible for setting and changing a classification label.

It While it is required for all Google Drive documents, it is strongly advised that you use them with any tools and communications systems where Mozillians may shareinformation . (e.g.: ~~Google docs,~~ text documents~~, presentations~~, attachments to emails, Matrix topics, and other digital media documents).

|}

! <span style="background-color: #cccccc; border-radius: .25em; color: #000000; display: inline-block; font-weight: bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Public

~~'''(Default)'''~~

| Data that can be shared with the world.

The ~~information would have no negative effect if made~~ audience of this data is meant to be anyone, internal to Mozilla or the wider public ~~(Low risk data)~~.

|-

! <span style="background-color: #4a6785; border-radius: .25em; color: #ffffff; display: inline-block; font-weight:

bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Staff and NDA'd Mozillians Only or <span style="background-color: #4a6785; border-radius: .25em; color: #ffffff; display: inline-block; font-weight:bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential| ~~Data that can be shared with all~~ The audience of ~~Mozilla staff and NDA’d contributors.This information~~ this data is ~~potentially sensitive and could have a negative impact on~~ any employee of the Mozilla ~~if made public (Medium risk data).~~|-~~! <span style="background-color: #ffd351; border-radius: .25em; color: #594300; display: inline-block; font-weight:bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">~~Foundation, Mozilla ~~Confidential - Specific Work Groups Only ~~ Corporation or <span style="background-color: #ffd351; border-radius: .25em; color: #594300; display: inline-block; font-weight:bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Workgroup confidential<any other Mozilla subsidiary as well as any individual/~~span>| Data~~ entity that ~~can be shared~~ has an NDA with ~~a specific group of people, like a specific team.This information, if disclosed beyond the group, would expose information that is not necessary and/or should not beavailable to the rest of the company (e.g. "employee salary info") (High risk data)~~Mozilla.

|-

! <span style="background-color: #~~d04437~~ffd351; border-radius: .25em; color: #~~ffffff~~594300; display: inline-block; font-weight: bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Specific Workgroups and Individuals Only| ~~Data that can~~ The audience of this data is meant to be ~~shared only with~~ specific workgroups or specific individuals ~~who have been granted access by the data owner~~.~~This information~~A Workgroup is a specific group of people, ~~if disclosed beyond~~ like a team. Use of this label requires the ~~individuals, would have a significant negative effect on Mozilla~~ author to list out each workgroup and/or ~~its users(Maximum risk~~ individual that the data)is intended for, somewhere in the file.

|-

|}

= ~~Well-known "WORKGROUP CONFIDENTIAL" sub-groups~~ Examples of data classification = By design, <span style="background-color: #ffd351; border-radius: .25em; color: #594300; display: inline-block; font-weight:bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Workgroup confidential data is associated with teams or group of people. This category list well-known sub-groups that are used at Mozilla.

'''''The list of examples is not an exhaustive list, nor should this list be taken as classification of types of data, only intended audiences.'''''

{| class="wikitable"

|-

! Label

~~! Definition~~

! Examples

|-

! <span style="background-color: #~~ffd351~~cccccc; border-radius: .25em; color: #~~594300~~000000; display: inline-block; font-weight:bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">~~STAFF ONLY~~Public| ~~Data that can be shared~~ * Mozilla releases a document for public consumption* Upcoming product information product teams want to share with ~~all~~ the public* Job listings on the Mozilla ~~Staff (i~~career page|-! <span style="background-color: #4a6785; border-radius: .25em; color: #ffffff; display: inline-block; font-weight:bold; margin: .1em 0; min-width: 6em; padding: .e05em . ~~paid employees) only, but not external contributors such as~~ 5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Staff and NDA'd MozilliansOnly | * Information shared in the monthly MoCo/MoFo internal meeting* Bugzilla bugs with the "Moco confidential" or "infrastructure" flags* Aggregate survey data about Mozilla employees that is not meant for the public* Fox Fooding data for soon to be released products or services which is intended to stay within Mozilla|-! <span style="background-color: #ffd351; border-radius: .25em; color: #594300; display: inline-block; font-weight:bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Specific Workgroups and Individuals Only | ~~Manager name~~* Service passwords/credentials* Bugzilla bugs with security or restricted flags* Proprietary or protected information, ~~desk number~~code, ~~employee ID~~libraries from Mozilla partners* Contracts or legal documents that can't be shared with all of Mozilla* Unannounced communication materials (dates, visuals, ~~cost center~~plans) for campaigns, product launches, etc* Firefox release signing keys* Specific partner conversations* User/personal passwords/credentials* [https://www.mozilla.org/en-US/about/governance/policies/participation/ Community Participation Guideline (CPG)] report data

|-

|}

= ~~Examples of data classification =~~ ~~''The list of examples is not an~~ Deciding how to classify ~~exhaustive list.''~~ <span style="background-color: #cccccc; border-radius: .25em; color: #000000; display: inline-block; font-weight: bold;margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Public * Firefox source code.* Public brown bags on AirMozilla.* Bugzilla bugs without any security/restricted flags.* Documentation on a wiki or the MDN page.* Test or expired credentials.* Information shared in the weekly MoCo/MoFo project meeting. <span style="background-color: #4a6785; border-radius: .25em; color: #ffffff; display: inline-block; font-weight: bold;margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Staff and NDA'd Mozillians Only * Information shared in the monthly MoCo/MoFo internal meeting.* Bugzilla bugs with the "Moco confidential" or "infrastructure" flags.* Aggregate survey data about Mozilla employees. <span style="background-color: #ffd351; border-radius: .25em; color: #594300; display: inline-block; font-weight: bold;margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Specific Work Groups Only * Employee's street address, SSNs, performance data.* Service passwords/credentials.* Bugzilla bugs with security or restricted flags.* Proprietary or protected information, code, libraries from Mozilla partners.* Contracts or legal documents.* Unannounced communication materials (dates, visuals, plans) for campaigns, product launches, etc. <span style="background-color: #d04437; border-radius: .25em; color: #ffffff; display: inline-block; font-weight: bold;margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Specific Individuals Only * Firefox release signing keys.* Specific partner conversations.* Employee bank account information.* User/personal passwords/credentials.* [https://www.mozilla.org/en-US/about/governance/policies/participation/ Community Participation Guideline (CPG)] report data. ~~= Help to label data in emails, gdocs, presentations, wiki, code, videos, etc.~~ =

''The list of examples of how to label data is not an exhaustive list and serves an an indication on how to ensure the data classification labels are clearly communicated.''

There are always at least two people involved with exchanging ~~Confidential~~ confidential information:

* The '''Owner''' is the person who created the file. The '''Owner''' and '''Discloser''' are often the same person, but not always.* The '''Discloser''' is the person who provides /sends/shares the information to the Recipient.

* The '''Recipient''' is the person who receives the information.

When in doubt, it's always best to classify at the most specific classification. == ~~Keynote/Powerpoints~~All new documents, box.com, etc. ==

'''Label''' every document with its appropriate classification at the top of the documentif possible. When possible, we recommendusing the header feature of the document.

== Google Apps ==

'''Label''' every document (Docs, Sheets, Slides, Drawings, etc.) with its appropriate classification at by utilizing the ~~top ofthe document~~required label functionality.

* For Docs, we recommend including the label in the header of the document.

* For Slides, we recommend including the label in the master slide so that it shows on all slides.

* For Sheets, we recommend creating a dedicated sheet (the tabs at the bottom of the page) either called "Data Classification" or the name of the classification for the entire file. In that new sheet, indicate the data classification.

* When setting sharing options in the Google documents:

** <span style="background-color: #4a6785; border-radius: .25em; color: #ffffff; display: inline-block;font-weight:bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align:center;">Mozilla Confidential - Staff and NDA'd Mozillians Only documents should be set so that "''anyone at Mozilla ''" have access.

** <span style="background-color: #ffd351; border-radius: .25em; color: #594300; display: inline-block; font-weight: bold;margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Specific Work Groups Only documents should be set so that only "''specific people''" have access.

** <span style="background-color: #d04437; border-radius: .25em; color: #ffffff; display: inline-block; font-weight: bold;margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Specific Individuals Only documents should be set so that only "''specific people''" have access and only the owner can add people.

== Wikimo (mediawiki), GitHub public repos ==

== Email subject lines ==

* <span style="background-color: #~~d04437~~ffd351; border-radius: .25em; color: #~~ffffff~~594300; display: inline-block;

* font-weight:bold;margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align:

* center;">Mozilla Confidential - Specific Workgroups and Individuals Only information '''must''' be labeled in the subject line and should not be forwarded without the original senders express permission.

* For other emails, optionally label subjects with the appropriate classification. This one is up to you, but we encourage you to label emails when the subject is sensitive and it is important to alert recipients.

Also ensure that non-public channels are protected by password or channel access control.

Remember that <span style="background-color: #~~ffd351~~4a6785; border-radius: .25em; color: #~~594300~~ffffff; display: inline-block;font-weight: bold; margin: .1em 0; min-width: 6em; padding: .05em .5em; text-transform: uppercase; text-align:center;">Mozilla Confidential - ~~Specific Work Groups~~ Staff and NDA’d Mozillians Only and <span style="background-color: #~~d04437~~ffd351;border-radius: .25em; color: #~~ffffff~~594300; display: inline-block; font-weight: bold;margin: .1em 0; min-width: 6em; padding:.05em .5em; text-transform: uppercase; text-align: center;">Mozilla Confidential - Specific Workgroups and Individuals Only '''may not''' be shared on Matrix.

Ex: "PUBLIC | This is a channel to discuss anything you like about Firefox".

← Older edit

Gene wood

Confirm

107

edits

Changes

Security/Data Classification

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools