• Requirement

    1. Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and
    2. Notify [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period] when a formal employee sanctions process is initiated, identifying the individual sanctioned and the reason for the sanction.
  • Discussion

    Organizational sanctions reflect applicable laws, executive orders, directives, regulations, policies, standards, and guidelines. Sanctions processes are described in access agreements and can be included as part of general personnel policies for organizations and/or specified in security and privacy policies. Organizations consult with the Office of the General Counsel regarding matters of employee sanctions.

More Info

  • Title

    Personnel Sanctions
  • Family

    Personnel Security
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
  • Related NIST 800-53 ID


NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!