NIST SP 800-171 & CMMC 2.0 Control 3.1.9 Requirement:

Provide privacy and security notices consistent with applicable “Controlled Unclassified Information” (CUI) rules.

NIST SP 800-171 & CMMC 2.0 3.1.9 Requirement Explanation:

Every system that provides a user with access to controlled unclassified information, must display a privacy/security notice before the user logs in.

Example NIST SP 800-171 & CMMC 2.0 3.1.9 Implementation:

Create a privacy/security notice to display on your systems before users log in. Display the banner on computer log-ins, server log-ins, and logins to cloud resources like Microsoft 365. The login banner can read: Information system usage may be monitored or recorded and is subject to audit. The use of this information system affirms consent to monitoring and recording. Unauthorized use of the information systems is prohibited. Unauthorized use is subject to criminal and civil penalties. The information system contains CUI with specific requirements imposed by the Department of Defense and use of the information system may be subject to other specified requirements associated with certain types of CUI such as Export Controlled information.

NIST SP 800-171 & CMMC 2.0 3.1.9 Scenario(s):

- Scenario 1:

Before an employee logs into their computer they must click accept on your company's system use notification.

Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:


Compliance Accelerator

Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.

Quantum Assessor

Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.

Supply Chain Verifier

Trust is everything. Verify, monitor, and support subcontactor compliance.