Navigate

CCI-003045

CCI-003045 Definition

The organization defines personnel or roles who are to be notified when a formal employee sanctions process is initiated.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the personnel or roles as at a minimum, the ISSO.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the personnel or roles as at a minimum, the ISSO.

Compelling Evidence

Automatically compliant.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003045.

Control	Description
PS-8	The organization: PS-8a.: Employs a formal sanctions process for individuals failing to comply with established information security policies and procedures; and PS-8b.: Notifies [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period] when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

Control

Description

PS-8

The organization:

PS-8a.: Employs a formal sanctions process for individuals failing to comply with established information security policies and procedures; and

PS-8b.: Notifies [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period] when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.