3.9.2e
-
Requirement
Ensure that organizational systems are protected if adverse information develops or is obtained about individuals with access to CUI.
-
Discussion
If adverse information develops or is obtained about an individual with access to CUI which calls into question whether the individual should have continued access to systems containing CUI, actions are taken (e.g., preclude or limit further access by the individual, audit actions taken by the individual) to protect the CUI while the adverse information is resolved.
NIST 800-172A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!