IR-9(4): Exposure To Unauthorized Personnel

Control Family:

Incident Response

Parent Control:

IR-9: Information Spillage Response

Priority:

P0: Security control not selected in any baseline.

CSF v1.1 References:

ID.SC-5
PR.IP-9

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
IR-9(4): Exposure to Unauthorized Personnel

Control Statement

The organization employs [Assignment: organization-defined security safeguards] for personnel exposed to information not within assigned access authorizations.

Supplemental Guidance

Security safeguards include, for example, making personnel exposed to spilled information aware of the federal laws, directives, policies, and/or regulations regarding the information and the restrictions imposed based on exposure to such information.