NIST 800-53 REV 5 • ACCESS CONTROL

AC-16(5)Attribute Displays on Objects to Be Output

Display security and privacy attributes in human-readable form on each object that the system transmits to output devices to identify {{ insert: param, ac-16.05_odp.01 }} using {{ insert: param, ac-16.05_odp.02 }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

System outputs include printed pages, screens, or equivalent items. System output devices include printers, notebook computers, video displays, smart phones, and tablets. To mitigate the risk of unauthorized exposure of information (e.g., shoulder surfing), the outputs display full attribute values when unmasked by the subscriber.

Practitioner Notes

When data is displayed, printed, or output in any way, its security attributes should be visible. If a document is CUI, the reader should see that marking.

Example 1: Configure Microsoft Purview sensitivity labels to add visual markings — headers, footers, and watermarks. For the CUI label, set the header text to "CUI" and the footer to "Controlled Unclassified Information". These markings appear on screen and in print.

Example 2: For banner pages on printers, configure your print server to prepend a classification cover sheet to every print job. The cover sheet should show the classification level, the print date, and the username of the person who printed it.

More Access Control Controls

AC-1 Policy and Procedures AC-2 Account Management AC-2(1) Automated System Account Management AC-2(2) Automated Temporary and Emergency Account Management