Establish and document procedures for the return of organization-owned assets by terminated employees.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Establish, document, and communicate to all personnel the procedures outlining the roles and responsibilities concerning changes in employment.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Employees sign the employee agreement prior to being granted access to organizational information systems, resources and assets.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
The organization includes within the employment agreements provisions and/or terms for adherence to established information governance and security policies.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Document and communicate roles and responsibilities of employees, as they relate to information assets and security.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Identify, document, and review, at planned intervals, requirements for non-disclosure/confidentiality agreements reflecting the organization's needs for the protection of data and operational details.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Establish, document, approve, communicate, apply, evaluate and maintain a security awareness training program for all employees of the organization and provide regular training updates.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Provide all employees with access to sensitive organizational and personal data with appropriate security awareness training and regular updates in organizational procedures, processes, and policies relating to their professional function relative to the organization.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Make employees aware of their roles and responsibilities for maintaining awareness and compliance with established policies and procedures and applicable legal, statutory, or regulatory compliance obligations.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Establish, document, approve, communicate, implement, apply, evaluate and maintain policies and procedures for identity and access management. Review and update the policies and procedures at least annually.
A POAM must have at least one milestone and assigned to at least one Framework control.
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
A POAM must have at least one milestone and assigned to at least one Framework control.
Select the Exception that you want to assign to this control
Passcode