PS-06 Access Agreements

Control: The organization completes appropriate signed access agreements for individuals requiring access to organizational information and information systems before authorizing access and reviews/updates the agreements [Assignment: organization-defined frequency].

Supplemental Guidance: Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Electronic signatures are acceptable for use in acknowledging access agreements unless specifically prohibited by organizational policy.

Control Enhancements: (0) None.

Baseline: LOW PS-6 MOD PS-6 HIGH PS-6

Family: Personnel Security

Class: Operational

ISO 17799 mapping: 6.1.5, 8.1.3

COBIT 4.1 mapping: DS5.4

PCI-DSS v2 mapping: 7.1.3