IR-09 Information Spillage Response

Baselines

Guidance

Information spillage refers to instances where information is placed on systems that are not authorized to process such information. Information spills occur when information that is thought to be a certain classification or impact level is transmitted to a system and subsequently is determined to be of a higher classification or impact level. At that point, corrective action is required. The nature of the response is based on the classification or impact level of the spilled information, the security capabilities of the system, the specific nature of the contaminated storage media, and the access authorizations of individuals with authorized access to the contaminated system. The methods used to communicate information about the spill after the fact do not involve methods directly associated with the actual spill to minimize the risk of further spreading the contamination before such contamination is isolated and eradicated.

Control Enhancements 4

• IR-09(01) Responsible Personnel
• IR-09(02) Training L M H P
• IR-09(03) Post-spill Operations L M H P
• IR-09(04) Exposure to Unauthorized Personnel L M H P

Related controls 8

• CP-02 Contingency Plan L M H P
• IR-06 Incident Reporting L M H P
• PM-26 Complaint Management L M H P
• PM-27 Privacy Reporting L M H P
• PT-02 Authority to Process Personally Identifiable Information L M H P
• PT-03 Personally Identifiable Information Processing Purposes L M H P
• PT-07 Specific Categories of Personally Identifiable Information L M H P
• RA-07 Risk Response L M H P