NIST SP 800-171 & CMMC 2.0 3.1.9 Requirement:
Provide privacy and security notices consistent with applicable “Controlled Unclassified Information” (CUI) rules.
NIST SP 800-171 & CMMC 2.0 3.1.9 Requirement Explanation:
Every system that provides a user with access to controlled unclassified information, must display a privacy/security notice before the user logs in.
Example NIST SP 800-171 & CMMC 2.0 3.1.9 Implementation:
Create a privacy/security notice to display on your systems before users log in. Display the banner on computer log-ins, server log-ins, and logins to cloud resources like Microsoft 365. The login banner can read: Information system usage may be monitored or recorded and is subject to audit. The use of this information system affirms consent to monitoring and recording. Unauthorized use of the information systems is prohibited. Unauthorized use is subject to criminal and civil penalties. The information system contains CUI with specific requirements imposed by the Department of Defense and use of the information system may be subject to other specified requirements associated with certain types of CUI such as Export Controlled information.
NIST SP 800-171 & CMMC 2.0 3.1.9 Scenario(s):
- Scenario 1:
Before an employee logs into their computer they must click accept on your company's system use notification.
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you