The organization employs [organization-defined security safeguards] to ensure that only [organization-defined individuals or information systems] receive the [organization-defined information, information system components, or devices].
Supplemental
Techniques and/or methods employed by organizations to ensure that only designated information systems or individuals receive particular information, system components, or devices include, for example, sending authenticators via courier service but requiring recipients to show some form of government-issued photographic identification as a condition of receipt.