Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-9-1
Personnel Cybersecurity Requirements (prior To Employment, During Employment And After
Termination/separation) Must Be Defined, Documented And Approved.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-9-2
The Personnel Cybersecurity Requirements Must Be Implemented.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-9-3
- The personnel cybersecurity requirements prior to employment must include at least the following:
- Inclusion of personnel cybersecurity responsibilities and non-disclosure clauses (covering the cybersecurity requirements during employment and after termination/separation) in employment contracts.
- Screening or vetting candidates of cybersecurity and critical/privileged positions
Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-9-4
- The personnel cybersecurity requirements during employment must include at least the following:
- Cybersecurity awareness (during on-boarding and during employment).
- Implementation of and compliance with the cybersecurity requirements as per the organizational cybersecurity policies and procedures.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-9-5
Personnel Access To Information And Technology Assets Must Be Reviewed And Removed Immediately
Upon Termination/separation.
Essential Cybersecurity Controls (ECC – 2 : 2024) - 1-9-6
Personnel Cybersecurity Requirements Must Be Reviewed Periodically.