NIST 800-53 REV 5 • INCIDENT RESPONSE

IR-9(2) Training

Provide information spillage response training {{ insert: param, ir-09.02_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Organizations establish requirements for responding to information spillage incidents in incident response plans. Incident response training on a regular basis helps to ensure that organizational personnel understand their individual responsibilities and what specific actions to take when spillage incidents occur.

Practitioner Notes

People involved in handling information spillage need specific training on how to contain and clean up a spill without making it worse, for example by spreading the data to additional systems or destroying evidence needed for reporting. Training should cover both the technical containment and sanitization steps and the organization's reporting requirements.

Example 1: Include spillage response procedures in your annual security awareness training. Cover scenarios like accidentally copying classified files to an unclassified USB drive or emailing CUI to an unauthorized recipient. Walk through the correct response step by step.

Example 2: Conduct a focused tabletop exercise on information spillage for your IT and security staff. Use a scenario like finding CUI data on a shared drive accessible to unauthorized users. Practice the containment, sanitization, and reporting steps, then document lessons learned.