PS-08 Personnel Sanctions

Control: The organization employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.

Supplemental Guidance: The sanctions process is consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance. The sanctions process can be included as part of the general personnel policies and procedures for the organization.

Control Enhancements: (0) None.

Baseline: LOW PS-8 MOD PS-8 HIGH PS-8

Family: Personnel Security

Class: Operational

ISO 17799 mapping: 8.2.3, 11.2.1

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: None.