IR-9(4)
-
Requirement
Employ the following controls for personnel exposed to information not within assigned access authorizations: [Assignment: organization-defined controls].
-
Discussion
Controls include ensuring that personnel who are exposed to spilled information are made aware of the laws, executive orders, directives, regulations, policies, standards, and guidelines regarding the information and the restrictions imposed based on exposure to such information.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!