CCI-002820
CCI-002820 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if [IR-09(04)_ODP; controls employed for personnel exposed to information not within assigned access authorizations are defined] are employed for personnel exposed to information not within assigned access authorizations.
Validation Procedures
Examine: [SELECT FROM: Incident response policy; procedures addressing incident response; procedures addressing information spillage; incident response plan; system security plan; security safeguards regarding information spillage/exposure to unauthorized personnel; other relevant documents or records].
Interview: [SELECT FROM: Organizational personnel with incident response responsibilities; organizational personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for dealing with information exposed to unauthorized personnel; mechanisms supporting and/or implementing safeguards for personnel exposed to information not within assigned access authorizations].