Requirement:
Acceptable use policy of information and technology assets must be implemented.
Control Implementation Guidelines:
- Cybersecurity policy for the acceptable use policy of the information and technology assets of the organization must be implemented, including the following
- Requirements for the acceptable use of information and technology assets by the organization must be implemented, including but not limited to: requesting each employee view and approve the Acceptable Use Policy of information and technology assets
- These requirements must be communicated through the organization's approved communication channels to educate the organization's internal and external stakeholders to implement these requirements
- Appropriate mechanisms and techniques must be developed to monitor violations of the Acceptable Use Policy requirements and warn of disciplinary actions in the event of violations
Expected Deliverables:
- An action plan to implement the acceptable use requirements of information and technology assets of the organization
- Evidence of communicating these requirements through the communication channels approved by the organization
- A completed and approved form that clarifies the approval of the Acceptable Use Policy by all organization's employees (e.g., scanned physical copy, digital platform, or official hard copy)
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.