IRO-12.4: Sensitive / Regulated Data Exposure to...

IRO-12.4 · Sensitive / Regulated Data Exposure to Unauthorized Personnel

Control Description

Mechanisms exist to address security safeguards for personnel exposed to sensitive/regulated data that is not within their assigned access authorizations.

Control Question

Assessment question for control validation

Does the organization address security safeguards for personnel exposed to sensitive/regulated data that is not within their assigned access authorizations?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Respond

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 2 - Operational

Additional Metadata

Applicability (Process):