catalog: SP800-53rev3 / class: Management / family: (PL) Planning

  PL-04: Rules of Behavior  

base control objective:
The organization:
a. Establishes and makes readily available to all information system users, the rules that describe their responsibilities and expected behavior with regard to information and information system usage; and
b. Receives signed acknowledgment from users indicating that they have read, understand, and agree to abide by the rules of behavior, before authorizing access to information and the information system.

supplemental objective information:
The organization considers different sets of rules based on user roles and responsibilities, for example, differentiating between the rules that apply to privileged users and rules that apply to general users. Electronic signatures are acceptable for use in acknowledging rules of behavior.

enhancements to the base objective:

(1) The organization includes in the rules of behavior, explicit restrictions on the use of social networking sites, posting information on commercial web sites, and sharing information system account information.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

PS-06   Access Agreements

documents referenced in SP800-53rev3 for PL-04:

Document        Date             Status   Title
OMB M-03-22     September, 2003  current  OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002
NIST SP800-121  June, 2012       current  Guide to Bluetooth Security
NIST SP800-18   February, 2006   current  Guide for Developing Security Plans for Federal Information Systems
NIST SP800-45   August, 2006     DRAFT    Guidelines on Electronic Mail Security
NIST SP800-46   June, 2009       current  Guide to Enterprise Telework and Remote Access Security
NIST SP800-48   July, 2008       current  Wireless Network Security: 802.11, Bluetooth, and Handheld Devices
NIST SP800-89   November, 2006   current  Recommendation for Obtaining Assurances for Digital Signature Applications
