Prevent access to organization-defined security-relevant information except during secure, non-operable system states.