GRM-07: Policy Enforcement

Control Family:

Governance and Risk Management

CSF v1.1 References:

PF v1.0 References:

Control Statement

A formal disciplinary or sanction policy shall be established for employees who have violated security policies and procedures. Employees shall be made aware of what action might be taken in the event of a violation, and disciplinary measures must be stated in the policies and procedures.

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-53 Revision 4