>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

IR-9Information Spillage Response

PBMM (P1)
Secret (P1)
Operational

>Control Description

(A) The organization responds to information spills by identifying the specific information involved in the information system contamination. (B) The organization responds to information spills by alerting organization-defined personnel or roles of the information spill using a method of communication not associated with the spill. (C) The organization responds to information spills by isolating the contaminated information system or system component. (D) The organization responds to information spills by eradicating the information from the contaminated information system or component. (E) The organization responds to information spills by identifying other information systems or system components that may have been subsequently contaminated. (F) The organization responds to information spills by performing other organization-defined actions.

>Supplemental Guidance

Information spillage refers to instances where either classified or sensitive information is inadvertently placed on information systems that are not authorized to process such information. Such information spills often occur when information that is initially thought to be of lower sensitivity is transmitted to an information system and then is subsequently determined to be of higher sensitivity. At that point, corrective action is required.

The nature of the organizational response is generally based upon the degree of sensitivity of the spilled information (e.g., security category or classification level), the security capabilities of the information system, the specific nature of contaminated storage media, and the access authorizations (e.g., security clearances) of individuals with authorized access to the contaminated system. The methods used to communicate information about the spill after the fact do not involve methods directly associated with the actual spill to minimize the risk of further spreading the contamination before such contamination is isolated and eradicated

Ask AI

Configure your API key to use AI features.