Guidance on the Sensitivity and Protection of Information About Keys
Guidance on the Sensitivity and Protection of Information About Keys
The University uses many different kinds of keys. This might be building keys, car keys, door keys, cabinet and drawer keys, keys to equipment, or any other physical key to a place or property. Many factors determine what tier of data that information is.
First, think about what the key’s lock protects. Consider its primary use. That might be to protect:
- People (residence hall keys, keys to extremely dangerous places, equipment lock-out keys, keys to a childcare facility, etc.)
- Operations (key activities we lock down to avoid major disruption: utilities, network and operations centers, sensitive labs)
- Property (cars, storage, equipment, etc.)
- Data (clinic spaces, law enforcement areas, labs, offices, computing devices)
Second, consider how easy it would be for someone to get from the information about a key to getting access to what that key can unlock. For example, a key pattern is almost the same as having the key itself. But knowing who to ask to open the unit’s storage area would still take some work and cooperation to get access.
Thus, there are two factors to consider: (1) what the key’s lock protects; (2) the ease of using information about the key to get to whatever that is.
We classify the tier of information about keys by combining those two factors. If it is easy to use the information about the key to access whatever the key protects, the tier of data will be high, with some nuance depending on what the lock protects. If the lock protects data, then the key simply inherits the same tier as the data thereby protected. Likewise, if the lock in question is primarily meant to protect people, or protect important campus operations, information giving easy access would be Tier 3.
When it is more difficult to use the information about a key to access whatever that key protects, or the lock is primarily meant just to protect property, then tier classification of the information goes down. This chart gives a rule of thumb.
| Life Safety | Operations | Property | Data | |
| Key Pattern | 3 | 3 | 2 | Matches data tier |
| Key-Safe Combination | 3 | 3 | 3 | 3 |
| Trade information about keys | 2 | 2 | 2 | 2 |
| Key mapping | 1 | 1 | 1 | 1 |
| Key assignments | 1 | 1 | 1 | 1 |
Because key safes can be used for all sorts of keys over time, we assume the combination may protect a “Tier 3” key. Also, a “key combination” in an electronic safe is a type of password, and passwords are Tier 3 data.
Units should take precautions with information about keys. Some is just normal “Lenore has a key to her office” that is easily guessed, widely shared knowledge. But a list of all key-holders and their access is something to take more care with. Consider using a system that lists names and key numbers, but have the key numbers and location mapping separate, for example. Or protect the mapping using good security practices so that unauthorized people can’t easily put together pieces of information that get them access.
Protecting information about physical keys is always a balance of making operations straightforward (knowing who to ask for access, emergency access to a key safe, etc.) with keeping the keys and locks useful by preventing unauthorized keys from being made or existing keys from getting to the wrong people. Use best judgment to decide a key’s “primary purpose.” For example, many buildings are locked only at night when fewer observers would make robbery more likely. The purpose is property protection. But the lock might offer some protection for individuals working late alone. In most cases, consider that key a “property” key. Whereas a childcare center might be locked 24/7, that lock is intended to prevent unauthorized access to children, a life-safety key. Don’t overcomplicate. If you have a difficult situation, you are welcome to ask by submitting a University Data Use request for guidance.