National Institute of Standards and Technology Special Publication 800-60 describes how to label and describe the types of information within an organization. The instruction provides guidance on how to classify information and map the data to the type of information, such as privacy, medical, sensitive, trade-secret, and so on. Where this is important is to ensure that all organizations treat information types in the same way. Previously organizations would or could mislabel, or over classify information restricting collaboration, or applying expensive security protections on information that did not require the level of protection, thus erroneously increasing spend and wasting resources.
Applicability: Relevant for managing information within an organization and within the corresponding information systems and processes