Description
The organization employs a formal sanctions process for personnel failing to comply with established information security policies and procedures.
Supplemental Guidance
The sanctions process is consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance. The sanctions process can be included as part of the general personnel policies and procedures for the organization.
Enhancements
(0) None.
Compliance Mappings
ISO 27002:2022
6.4
NIST CSF 2.0
GV.PO, GV.PO-01, GV.PO-02
SOC 2 TSC
CC1.1-POF4, CC1.5, CC1.5-POF5, CC1.5-POF6, CC7.4-POF14
ISO 17799 (legacy)
8.2.3, 11.2.1
COBIT 4.1 (legacy)
None.