|Description||Create Policy on Information Dissemination: Service Providers, Network Operators, and Equipment Suppliers should create an enforceable policy clearly defining who can disseminate information, and what controls should be in place for the dissemination of such information. The policy should differentiate according to the sensitivity or criticality of the information.|
|Industry Role(s)||Service Provider; Network Operator; Equipment Supplier|
|Reference/Comments||Octave Catalog of Practices, Version 2.0, CMU/SEI-2001-TR-20 (http://www.cert.org/archive/pdf/01tr020.pdf) Practice OP3.1.1 & OP3.2.1; NIST Special Pub 800-12.
King, Christopher M., Curtis E. Dalton, and T. Ertem Osmanoglu. "Validation and Maturity". Security Architecture, Design, Deployment & Operations. Berkeley, CA: The McGraw-Hill Companies. 2001. 443-470.
McClure, Stuart, Joel Scambray, George Kurtz. "Advanced Techniques". Hacking Exposed, Network Security Secrets and Solutions, 4th Edition. Berkeley, CA: The McGraw-Hill Companies. 2003. 555-592.
Nichols, Randall K., Daniel J. Ryan, Julie J. C. H. Ryan. "Risk Management and Architecture of Information Security (INFOSEC)". Defending Your Digital Assets Against Hackers, Crackers, Spies and Thieves. New York, NY: The McGraw-Hill Companies. 2000. 69-90.