Requirement:
The personnel cybersecurity requirements during employment must include at least the following:
Sub-Controls:
1-9-4-1:
Requirement:
Cybersecurity awareness (during on-boarding and during employment).
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and approve them by the representative
- Work with relevant departments to provide cybersecurity awareness at the beginning and during work through the organization's approved communication channels
- Include such requirements in the organization's HR procedures to ensure compliance with cybersecurity requirements for all internal and external stakeholders
- Support the organization's policy by the Executive Management. This must be done through the approval of the representative
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control
- Documents that confirm the provision of awareness content to employees in cybersecurity before work at the organization and providing them with access through e-mails, workshops, or any other means, including but not limited to
- Review cybersecurity awareness messages shared with employees through emails
- Review of content presented in the workshop
- Review the cybersecurity awareness plan
1-9-4-2:
Requirement:
Implementation of and compliance with the cybersecurity requirements as per the organizational cybersecurity policies and procedures.
Control Implementation Guidelines:
- Define and document the requirements of this ECC in the cybersecurity requirements document and approve them by the representative
- Inform all employees of the organization and obtain their approval on the cybersecurity policies and procedures, in order to educate the organization's employees of the importance of their role in implementing the cybersecurity requirements
- Include personnel cybersecurity requirements in the organization's HR procedures to ensure compliance with cybersecurity requirements for all internal and external stakeholders
Expected Deliverables:
- A document (such as approved policy or procedure) indicating the identification and documentation of the requirements related to this control.
- An acknowledgment form for approving cybersecurity policies by one of the organization's employees (signed copy)
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.