Security Requirements for 03.15.03 Rules of Behavior

Rules of behavior represent a type of access agreement for system users. Organizations consider rules of behavior for the handling of CUI based on individual user roles and responsibilities and differentiate between rules that apply to privileged users and rules that apply to general users.

View CPRT 03.15.03

  1. 03.15.03.a

    Establish rules that describe the responsibilities and expected behavior for system usage and protecting CUI.

  1. 03.15.03.b

    Provide rules to individuals who require access to the system.

  1. 03.15.03.c

    Receive a documented acknowledgement from individuals indicating that they have read, understand, and agree to abide by the rules of behavior before authorizing access to CUI and the system.

  1. 03.15.03.d

    Review and update the rules of behavior [Assignment: organization-defined frequency].