A set of rules that describe the IA operations of the DoD information system and clearly delineate IA responsibilities and expected behavior of all personnel is in place. The rules include the consequences of inconsistent behavior or non-compliance. Signed acknowledgement of the rules is a condition of access.
MAC / CONF | Impact | Subject Area |
---|---|---|
MACI MACII MACIII | High | Personnel |
Threat |
---|
Sensitive and classified information stored on servers, workstations, media and documentation are at risk of access, monitoring, copying, destruction, and illegal distribution if rules are not in place to prevent such actions. Access to sensitive and classified facility access points is a risk from unauthorized personnel. Personnel performance in the work place is at risk of being non-productive due to unethical and irresponsible behavior if consequences for those actions are not defined and acknowledged by employees. |
Guidance |
---|
1. A set of rules that describe the IA operations of the DoD information system and clearly delineate IA responsibilities and expected behavior of all personnel shall be in place. 2. The rules shall include the consequences of inconsistent behavior or non-compliance. 3. Signed acknowledgement of the rules shall be a condition of access. 4. Training or reminder of the IA operations rules and code of conduct shall be performed on an annual basis, or as frequently as in accordance with DoD policy. |