NIST Special Publication 800-53 (Rev. 4)

Security and Privacy Controls for Federal Information Systems and Organizations

PS-8 PERSONNEL SANCTIONS

Family:
Personnel Security
Class:
Priority:
P3 - Implement P3 security controls after implementation of P1 and P2 controls.
Baseline Allocation:
Low Moderate High
PS-8
PS-8
PS-8

Control Description

The organization:

a. Employs a formal sanctions process for individuals failing to comply with established information security policies and procedures; and

b. Notifies [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period] when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.

Supplemental Guidance

Organizational sanctions processes reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance. Sanctions processes are described in access agreements and can be included as part of general personnel policies and procedures for organizations. Organizations consult with the Office of the General Counsel regarding matters of employee sanctions.

Related to: PL-4PS-6

Control Enhancements

None.

References

None.