IR-9(4): Exposure to Unauthorized Personnel

Control Family:

Incident Response

CSF v1.1 References:

Baselines:

(Not part of any baseline)

Previous Version:

Control Statement

Employ the following controls for personnel exposed to information not within assigned access authorizations: [Assignment: organization-defined controls].

Supplemental Guidance

Controls include ensuring that personnel who are exposed to spilled information are made aware of the laws, executive orders, directives, regulations, policies, standards, and guidelines regarding the information and the restrictions imposed based on exposure to such information.