Navigate

CCI-000594

CCI-000594 Definition

Include in the rules of behavior, restrictions on the use of social media, social networking sites, and external sites/applications.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if the rules of behavior include restrictions on the use of social media, social networking sites, and external sites/applications.

Validation Procedures

Examine: [SELECT FROM: Security and privacy planning policy; procedures addressing rules of behavior for system users; rules of behavior; training policy; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with responsibility for establishing, reviewing, and updating rules of behavior; organizational personnel with responsibility for literacy training and awareness and role-based training; organizational personnel who are authorized users of the system and have signed rules of behavior; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for establishing rules of behavior; mechanisms supporting and/or implementing the establishment of rules of behavior].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000594.

Control	Description
PL-4(1)	Include in the rules of behavior, restrictions on: (a): Use of social media, social networking sites, and external sites/applications; (b): Posting organizational information on public websites; and (c): Use of organization-provided identifiers (e.g., email addresses) and authentication secrets (e.g., passwords) for creating accounts on external sites/applications.