Navigate

CCI-000593

CCI-000593 Definition

The organization receives a signed acknowledgment from individuals requiring access to the information system, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed will obtain signed acknowledgment (paper or electronic signature) from individuals indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system.

Validation Procedures

The organization conducting the inspection/assessment obtains a list of individuals with active accounts and validates the existence of signed acknowledgements (paper or electronic signature) of the organizational AUP associated with a sampling of individuals selected from the list.

Compelling Evidence

1.) Signed acceptable use policy (AUP) acknowledgements.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000593.

Control	Description
PL-4	The organization: PL-4a.: Establishes and makes readily available to individuals requiring access to the information system, the rules that describe their responsibilities and expected behavior with regard to information and information system usage; PL-4b.: Receives a signed acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system; PL-4c.: Reviews and updates the rules of behavior [Assignment: organization-defined frequency]; and PL-4d.: Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.

Control

Description

PL-4

The organization:

PL-4a.: Establishes and makes readily available to individuals requiring access to the information system, the rules that describe their responsibilities and expected behavior with regard to information and information system usage;

PL-4b.: Receives a signed acknowledgment from such individuals, indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system;

PL-4c.: Reviews and updates the rules of behavior [Assignment: organization-defined frequency]; and

PL-4d.: Requires individuals who have signed a previous version of the rules of behavior to read and re-sign when the rules of behavior are revised/updated.