CMMC Practice AC.2.005

Provide privacy and security notices consistent with applicable CUI rules.

Source

CMMC Version 1.02, pg. 55

Bold Coast Security Guidance

Login banners are used to force users to acknowledge they are accessing company data and that the organization must control access, use, and storage of that data. While numerous templates are available, be sure to work with your legal counsel to approve any language displayed to users. These banners should be displayed on user workstations when they first login, but should be considered for making a remote access connections, and any login screens when connecting to network devices.

Discussion From Source

DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2 System use notifications can be implemented using messages or warning banners displayed before individuals log in to organizational systems. System use notifications are used only for access via logon interfaces with human users and are not required when such human interfaces do not exist. Based on a risk assessment, organizations consider whether a secondary system use notification is needed to access applications or other system resources after the initial network logon. Where necessary, posters or other printed materials may be used in lieu of an automated system banner. Organizations consult with the Office of General Counsel for legal review and approval of warning banner content.

References