AC.L2-3.1.9 β Provide Privacy and Security Notices
Control Intent
Provide privacy and security notices consistent with applicable CUI rules.
Control Response
The organization provides privacy and security notices to users prior to or during access to systems that process, store, or transmit Controlled Unclassified Information (CUI).
System use notices inform users that the system is for authorized use only, that user activity may be monitored, and that misuse may result in disciplinary or legal action. Notices are displayed at login or access points to ensure users are informed before system use.
Objective Responses
AC.9.014 β Users are provided privacy and security notices
Users receive a system access notice communicating authorized use and monitoring expectations prior to or during access.
Evidence References
Evidence includes system login banners or access warning messages displayed to users.
Continuous Monitoring
System access notices are reviewed periodically to ensure accuracy and consistent display.
Common Findings
- No access notice displayed
- Notice shown after access is granted