IR-9(4)

  • Requirement

    Employ the following controls for personnel exposed to information not within assigned access authorizations: [Assignment: organization-defined controls].

  • Discussion

    Controls include ensuring that personnel who are exposed to spilled information are made aware of the laws, executive orders, directives, regulations, policies, standards, and guidelines regarding the information and the restrictions imposed based on exposure to such information.

More Info

  • Title

    Information Spillage Response | Exposure to Unauthorized Personnel

  • Family

    Incident Response

  • Related NIST 800-53 ID

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!

Learn More