NIST 800-53 r5 · Controls catalogue · Family IR
IR-9 Information Spillage Response
Respond to information spills by:
- Assigning {{ insert: param, ir-09_odp.01 }} with responsibility for responding to information spills;
- Identifying the specific information involved in the system contamination;
- Alerting {{ insert: param, ir-09_odp.02 }} of the information spill using a method of communication not associated with the spill;
- Isolating the contaminated system or system component;
- Eradicating the information from the contaminated system or component;
- Identifying other systems or system components that may have been subsequently contaminated; and
- Performing the following additional actions: {{ insert: param, ir-09_odp.03 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (6) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,204 | The control's identification, isolation, alerting, and eradication steps directly limit the impact and exploitation window of unauthorized sensitive information exposure. |
| CWE-532 | Insertion of Sensitive Information into Log File | 1,378 | The process of identifying and eradicating spilled information applies directly to sensitive data inserted into log files. |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | 126 | Eradication of spilled information from contaminated systems mitigates the effects of improper removal of sensitive data before storage or transfer. |
| CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | 84 | Isolation and eradication reduce the ability to exploit sensitive information inserted into externally-accessible files or directories. |
| CWE-226 | Sensitive Information in Resource Not Removed Before Reuse | 30 | The eradication and cross-system identification steps ensure sensitive information is removed before resources are reused or further accessed. |
| CWE-540 | Inclusion of Sensitive Information in Source Code | 29 | Detection and removal of spilled information addresses cases where sensitive data was included in source code. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | | | | |