PS-8

Personnel SecurityRev 5organization

Personnel Sanctions

Baselines:LowModerateHigh

Control Statement

a. Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and b. Notify [Assignment: personnel or roles] within [Assignment: time period] when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

Supplemental Guidance

Organizational sanctions reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Sanctions processes are described in access agreements and can be included as part of general personnel policies for organizations and/or specified in security and privacy policies. Organizations consult with the Office of the General Counsel regarding matters of employee sanctions.

Related Controls (4)

PL-4 PM-12 PS-6 PT-1

CCI Identifiers (6)

CCI-003045Defines personnel or roles who are to be notified when a formal employee sanctions process is initiated.CCI-001542The organization employs a formal sanctions process for individuals failing to comply with established information security policies and procedures.CCI-003044Notify organization-defined personnel or roles within an organization-defined time period when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.CCI-003046Defines the time period within which to notify organization-defined personnel or roles when a formal employee sanctions process is initiated.CCI-004521Employ a formal sanctions process for individuals failing to comply with established information security policies.CCI-004522Employ a formal sanctions process for individuals failing to comply with established information security procedures.

Linked STIG Checks (0)

No STIG checks reference this control.