PL-04 Rules Of Behavior

Control: The organization establishes and makes readily available to all information system users, a set of rules that describes their responsibilities and expected behavior with regard to information and information system usage. The organization receives signed acknowledgment from users indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to the information system and its resident information.

Supplemental Guidance: Electronic signatures are acceptable for use in acknowledging rules of behavior unless specifically prohibited by organizational policy. NIST Special Publication 800-18 provides guidance on preparing rules of behavior.

Control Enhancements: (0) None.

Baseline: LOW: PL-4; MOD: PL-4; HIGH: PL-4

Family: Planning

Class: Management

ISO 17799 mapping: 7.1.3, 8.1.3, 15.1.5

COBIT 4.1 mapping: PO6.5, DS5.2, PC4

PCI-DSS v2 mapping: 12.6.2