This page is classified as INTERNAL.
NIST 800-53 (r4) Control:
The organization employs [Assignment: organization-defined security safeguards] for personnel exposed to information not within assigned access authorizations.
NIST 800-53 (r4) Supplemental Guidance:
Security safeguards include, for example, making personnel exposed to spilled information aware of the federal laws, directives, policies, and/or regulations regarding the information and the restrictions imposed based on exposure to such information.
References: None.
NIST 800-53 (r5) Discussion:
Controls include ensuring that personnel who are exposed to spilled information are made aware of the laws, executive orders, directives, regulations, policies, standards, and guidelines regarding the information and the restrictions imposed based on exposure to such information.
38North Guidance:
Meets Minimum Requirement:
The organization defines, documents, and implements security safeguards for personnel exposed to information they are not authorized to access.
Examples of security safeguards include, but are not limited to: retaking security awareness training, and reviewing the rules of behavior to clarify their responsibilities.
Best Practice: None.
Unofficial FedRAMP Guidance: None.
Assessment Evidence:
Incident response procedures detailing the safeguards to be employed for personnel exposed to information not within their assigned access authorizations.
After-action reports showing those safeguards were employed, if there were any information spill incidents in the past year.
CSP Implementation Tips:
Amazon Web Services (AWS): TBD
Microsoft Azure: TBD
Google Cloud Platform: TBD