CCI-001542

The organization employs a formal sanctions process for individuals failing to comply with established information security policies and procedures.

Implementation Guidance

The organization being inspected/assessed will develop formal procedures within the organizational security policy to employ formal sanctions for personnel failing to comply with established information security policies and procedures.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the organizational security policy to ensure it addresses formal procedures for sanctions and interviews security personnel to validate the organization employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.

Compelling Evidence

1.) SOP/TTP documentation that defines formal procedures for sanctions for personnel failing to comply with established information security policies and procedures.

The controls below (if any) were marked by NIST as being related to CCI-001542.