What is a key inclusion of safeguarding controls in DoD 5200.48 beyond physical and technical measures?

Administrative safeguards that address people and processes are a key part of safeguarding DoD information in 5200.48, supplementing physical and technical protections. Beyond locking devices and technical controls like encryption and access controls, training ensures every person knows how to handle, mark, store, transmit, and dispose of CUI and to recognize risky actions or phishing attempts. Incident response provides a clear, practiced plan for detecting, reporting, containing, and recovering from CUI incidents, with defined roles, responsibilities, and timelines. This combination helps prevent breaches from human error and insider threats and ensures coordinated action when an incident occurs. Marketing and outreach aren’t part of safeguarding CUI, and financial auditing isn’t a direct safeguarding control in this framework, so those options don’t fit.