3.9.2 Ensure CUI & Organizations Systems are Protected

3.9.2 Ensure that CUI and organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.

To go back to the NIST 800-171 Controls page, click here.

Guides

• NIST SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems

Example Tools

• Enterprise Data Loss Prevention
• Identity Access Management Software

Sample Policy & Procedures

• Department of Agriculture Food Safety and Inspection Service-Personnel Security for Information Systems
• Environmental Protection Agency-Information Security-Interim Personnel Security Procedures v2.0
• University of Florida – Health Science Center – GP0004 – Information Security Considerations re: Termination

Additional Lessons Learned

• Society for Human Resource Management – Protect Data During Layoffs