compliance controls are associated with this Policy definition 'Update organizational access agreements' (e21f91d1-2803-0282-5f2d-26ebc4b170ef)
Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
FedRAMP_High_R4 |
PS-6 |
FedRAMP_High_R4_PS-6 |
FedRAMP High PS-6 |
Personnel Security |
Access Agreements |
Shared |
n/a |
The organization:
a. Develops and documents access agreements for organizational information systems;
b. Reviews and updates the access agreements [Assignment: organization-defined frequency]; and
c. Ensures that individuals requiring access to organizational information and information systems:
1. Sign appropriate access agreements prior to being granted access; and
2. Re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or [Assignment: organization-defined frequency].
Supplemental Guidance: Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational information systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy. Related control: PL-4, PS-2, PS-3, PS-4, PS-8.
References: None. |
link |
5 |
FedRAMP_Moderate_R4 |
PS-6 |
FedRAMP_Moderate_R4_PS-6 |
FedRAMP Moderate PS-6 |
Personnel Security |
Access Agreements |
Shared |
n/a |
The organization:
a. Develops and documents access agreements for organizational information systems;
b. Reviews and updates the access agreements [Assignment: organization-defined frequency]; and
c. Ensures that individuals requiring access to organizational information and information systems:
1. Sign appropriate access agreements prior to being granted access; and
2. Re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or [Assignment: organization-defined frequency].
Supplemental Guidance: Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational information systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy. Related control: PL-4, PS-2, PS-3, PS-4, PS-8.
References: None. |
link |
5 |
hipaa |
1008.01d2System.3-01.d |
hipaa-1008.01d2System.3-01.d |
1008.01d2System.3-01.d |
10 Password Management |
1008.01d2System.3-01.d 01.02 Authorized Access to Information Systems |
Shared |
n/a |
Users sign a statement acknowledging their responsibility to keep passwords confidential. |
|
15 |
ISO27001-2013 |
A.13.2.4 |
ISO27001-2013_A.13.2.4 |
ISO 27001:2013 A.13.2.4 |
Communications Security |
Confidentiality or non-disclosure agreements |
Shared |
n/a |
Requirements for confidentiality or non-disclosure agreements reflecting the organization's needs for the protection of information shall be identified, regularly reviewed and documented. |
link |
14 |
ISO27001-2013 |
A.7.1.2 |
ISO27001-2013_A.7.1.2 |
ISO 27001:2013 A.7.1.2 |
Human Resources Security |
Terms and conditions of employment |
Shared |
n/a |
The contractual agreements with employees and contractors shall state their and the organization's responsibilities for information security. |
link |
24 |
ISO27001-2013 |
A.7.2.1 |
ISO27001-2013_A.7.2.1 |
ISO 27001:2013 A.7.2.1 |
Human Resources Security |
Management responsibilities |
Shared |
n/a |
Management shall require all employees and contractors to apply information security in accordance with the established policies and procedures of the organization. |
link |
26 |
|
mp.per.1 Job characterization |
mp.per.1 Job characterization |
404 not found |
|
|
|
n/a |
n/a |
|
41 |
|
mp.per.2 Duties and obligations |
mp.per.2 Duties and obligations |
404 not found |
|
|
|
n/a |
n/a |
|
40 |
|
mp.s.1 E-mail protection |
mp.s.1 E-mail protection |
404 not found |
|
|
|
n/a |
n/a |
|
48 |
NIST_SP_800-53_R4 |
PS-6 |
NIST_SP_800-53_R4_PS-6 |
NIST SP 800-53 Rev. 4 PS-6 |
Personnel Security |
Access Agreements |
Shared |
n/a |
The organization:
a. Develops and documents access agreements for organizational information systems;
b. Reviews and updates the access agreements [Assignment: organization-defined frequency]; and
c. Ensures that individuals requiring access to organizational information and information systems:
1. Sign appropriate access agreements prior to being granted access; and
2. Re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or [Assignment: organization-defined frequency].
Supplemental Guidance: Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational information systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy. Related control: PL-4, PS-2, PS-3, PS-4, PS-8.
References: None. |
link |
5 |
NIST_SP_800-53_R5 |
PS-6 |
NIST_SP_800-53_R5_PS-6 |
NIST SP 800-53 Rev. 5 PS-6 |
Personnel Security |
Access Agreements |
Shared |
n/a |
a. Develop and document access agreements for organizational systems;
b. Review and update the access agreements [Assignment: organization-defined frequency]; and
c. Verify that individuals requiring access to organizational information and systems:
1. Sign appropriate access agreements prior to being granted access; and
2. Re-sign access agreements to maintain access to organizational systems when access agreements have been updated or [Assignment: organization-defined frequency]. |
link |
5 |
|
org.3 Security procedures |
org.3 Security procedures |
404 not found |
|
|
|
n/a |
n/a |
|
83 |