SA-8(28)
-
Requirement
Implement the security design principle of acceptable security in [Assignment: organization-defined systems or system components].
-
Discussion
The principle of acceptable security requires that the level of privacy and performance that the system provides is consistent with the users' expectations. The perception of personal privacy may affect user behavior, morale, and effectiveness. Based on the organizational privacy policy and the system design, users should be able to restrict their actions to protect their privacy. When systems fail to provide intuitive interfaces or meet privacy and performance expectations, users may either choose to completely avoid the system or use it in ways that may be inefficient or even insecure.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!