Which policy focuses on information classification by sensitivity levels?

Classifying information by sensitivity levels is a hallmark of an information-protection approach. This policy defines how data should be labeled and protected based on how sensitive it is, setting up different handling rules for each tier (like public, internal, confidential, or restricted). It guides how data is stored, transmitted, accessed, encrypted, retained, and ultimately disposed of, ensuring safeguards match the risk level of the information. Access control focuses on who can access resources and under what permissions, not on categorizing data by sensitivity. Firewall-management deals with configuring and maintaining network boundary protections. Special-access policies govern when and how elevated or privileged access is granted, not the overall classification scheme for information.