3.9.2e

  • Requirement

    Ensure that organizational systems are protected if adverse information develops or is obtained about individuals with access to CUI.

  • Discussion

    If adverse information develops or is obtained about an individual with access to CUI which calls into question whether the individual should have continued access to systems containing CUI, actions are taken (e.g., preclude or limit further access by the individual, audit actions taken by the individual) to protect the CUI while the adverse information is resolved.

More Info

  • Family

    Personnel Security
  • Protection Strategy

    • Damage-Limiting Operations

NIST 800-172A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!