PL-04 Rules Of Behavior

Planning

Low, Moderate, High, Privacy

Description

The organization establishes and makes readily available to all information system users a set of rules that describes their responsibilities and expected behavior with regard to information and information system usage. The organization receives signed acknowledgment from users indicating that they have read, understand, and agree to abide by the rules of behavior before authorizing access to the information system and its resident information.

Supplemental Guidance

Electronic signatures are acceptable for use in acknowledging rules of behavior unless specifically prohibited by organizational policy. NIST Special Publication 800-18 provides guidance on preparing rules of behavior.

Changes from Rev 4

Control text adds privacy and other minor rewording.
Adds a selection parameter for the action to be taken when rules of behavior change.
Discussion expanded to provide examples.
Incorporates the acceptance-of-responsibilities elements of withdrawn Appendix J control AR-5.

Enhancements

(0) None.

Compliance Mappings

ISO 27001:2022

7.3, 7.3(a), 7.3(b), 7.3(c)

ISO 27002:2022

5.10, 5.14, 5.4, 6.2

CIS Controls v8

9.4

NIST CSF 2.0

ID.AM

SOC 2 TSC

CC1.1

ISO 17799 (legacy)

7.1.3, 8.1.3, 15.1.5

COBIT 4.1 (legacy)

PO6.5, DS5.2, PC4