BRACKETOLOGY | FEDRAMP
IR-9: INFORMATION SPILLAGE RESPONSE
-
FedRAMP Baseline Membership IR-9:
- MODERATE
- HIGH
FedRAMP Bracketology
Use the FedRAMP Control Membership information above to determine if a control or control enhancement is required for each Impact Baseline — LOW, MODERATE, or HIGH
Click on the panel below each control or control enhancement to review the FedRAMP Impact Baseline-specific control configuration requirements for each of the [BRACKETS] in each control and/or control enhancement.
Review and use Additional Requirements and Guidance to build FedRAMP-compliant controls for your risk-based cybersecurity program.
To change the baseline view in the panel, click on LOW, MODERATE, or HIGH when the panel is open
Panels only appear where there are [BRACKETS] in the control or enhancement or where there is FedRAMP-specific requirements or guidance available.
The organization responds to information spills by:
- a. Identifying the specific information involved in the information system contamination;
- b. Alerting [Assignment: organization-defined personnel or roles] of the information spill using a method of communication not associated with the spill;
- c. Isolating the contaminated information system or system component;
- d. Eradicating the information from the contaminated information system or component;
- e. Identifying other information systems or system components that may have been subsequently contaminated; and
- f. Performing other [Assignment: organization-defined actions].
Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.
There are no FedRAMP-specific requirements if this control is used for a LOW Impact system.
There are no FedRAMP-specific requirements if this control is used for a MODERATE Impact system.
There are no FedRAMP-specific requirements if this control is used for a HIGH Impact system.
SUPPLEMENTAL GUIDANCE
Information spillage refers to instances where either classified or sensitive information is inadvertently placed on information systems that are not authorized to process such information. Such information spills often occur when information that is initially thought to be of lower sensitivity is transmitted to an information system and then is subsequently determined to be of higher sensitivity. At that point, corrective action is required. The nature of the organizational response is generally based upon the degree of sensitivity of the spilled information (e.g., security category or classification level), the security capabilities of the information system, the specific nature of contaminated storage media, and the access authorizations (e.g., security clearances) of individuals with authorized access to the contaminated system. The methods used to communicate information about the spill after the fact do not involve methods directly associated with the actual spill to minimize the risk of further spreading the contamination before such contamination is isolated and eradicated.
RELATED CONTROLS:
CONTROL ENHANCEMENTS
IR-9 (1) INFORMATION SPILLAGE RESPONSE | RESPONSIBLE PERSONNEL
-
FedRAMP Baseline Membership IR-9 (1):
- MODERATE
- HIGH
The organization assigns [Assignment: organization-defined personnel or roles] with responsibility for responding to information spills.
Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.
There are no FedRAMP-specific requirements if this control is used for a LOW Impact system.
There are no FedRAMP-specific requirements if this control is used for a MODERATE Impact system.
There are no FedRAMP-specific requirements if this control is used for a HIGH Impact system.
Supplemental Guidance: NONE
IR-9 (2) INFORMATION SPILLAGE RESPONSE | TRAINING
-
FedRAMP Baseline Membership IR-9 (2):
- MODERATE
- HIGH
The organization provides information spillage response training [Assignment: organization-defined frequency].
Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.
There are no FedRAMP-specific requirements if this control is used for a LOW Impact system.
There are no FedRAMP-specific requirements if this control is used for a MODERATE Impact system.
The organization provides information spillage response training at least annually.
Supplemental Guidance: NONE
IR-9 (3) INFORMATION SPILLAGE RESPONSE | POST-SPILL OPERATIONS
-
FedRAMP Baseline Membership IR-9 (3):
- MODERATE
- HIGH
The organization implements [Assignment: organization-defined procedures] to ensure that organizational personnel impacted by information spills can continue to carry out assigned tasks while contaminated systems are undergoing corrective actions.
Click Low | Moderate | High below to see FedRAMP control configuration information. It's in BOLD.
There are no FedRAMP-specific requirements if this control is used for a LOW Impact system.
There are no FedRAMP-specific requirements if this control is used for a MODERATE Impact system.
There are no FedRAMP-specific requirements if this control is used for a HIGH Impact system.
Supplemental Guidance:
Correction actions for information systems contaminated due to information spillages may be very time-consuming. During those periods, personnel may not have access to the contaminated systems, which may potentially affect their ability to conduct organizational business.
IR-9 (4) INFORMATION SPILLAGE RESPONSE | EXPOSURE TO UNAUTHORIZED PERSONNEL
-
FedRAMP Baseline Membership IR-9 (4):
- MODERATE
- HIGH
The organization employs [Assignment: organization-defined security safeguards] for personnel exposed to information not within assigned access authorizations.
Supplemental Guidance:
Security safeguards include, for example, making personnel exposed to spilled information aware of the federal laws, directives, policies, and/or regulations regarding the information and the restrictions imposed based on exposure to such information.
REFERENCES:
- NO REFERENCES