IR-9(4): Exposure To Unauthorized Personnel

Control Family:

Incident Response

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The organization employs [Assignment: organization-defined security safeguards] for personnel exposed to information not within assigned access authorizations.

Supplemental Guidance

Security safeguards include, for example, making personnel exposed to spilled information aware of the federal laws, directives, policies, and/or regulations regarding the information and the restrictions imposed based on exposure to such information.