zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-03 00:12:16 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/ps-8.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

1.9 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

ps-8 - [catalog] Personnel Sanctions

Control Statement

  • [a] Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and

  • [b] Notify personnel or roles within time period when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

Control guidance

Organizational sanctions reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Sanctions processes are described in access agreements and can be included as part of general personnel policies for organizations and/or specified in security and privacy policies. Organizations consult with the Office of the General Counsel regarding matters of employee sanctions.

Control assessment-objective

a formal sanctions process is employed for individuals failing to comply with established information security and privacy policies and procedures; personnel or roles is/are notified within time period when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

What is the solution and how is it implemented?

Implementation a.

Add control implementation description here for item ps-8_smt.a

Implementation b.

Add control implementation description here for item ps-8_smt.b