Compliance Dictionary | Unified Compliance Framework

Type	Definition	Sources
Noun	Rules for individual users of each general support system or application. These rules should clearly delineate responsibilities of and expectations for all individuals with access to the system. They should be consistent with system-specific policy. In addition, they should state the consequences of noncompliance. The rules should be in writing and will form the basis for security awareness and training. (used 0 times in citations and controls)	Per ISO 704:2009 methodology
Noun	The rules that have been established and implemented concerning use of, security in, and acceptable level of risk for the system. Rules will clearly delineate responsibilities and expected behavior of all individuals with access to the system. Rules should cover such matters as work at home, dial-in access, connection to the Internet, use of copyrighted works, unofficial use of federal government equipment, the assignment and limitation of system privileges and individual accountability. (used 95 times in citations and controls)	Per ISO 704:2009 methodology

Type	Other Form
None

Loading...

Displaying Controls in which this term is tagged – Show all Controls containing this term regardless of tagging

Displaying Controls containing this term – Show only Controls in which this term is tagged

Loading...

ID	Control
{{ control.id }}	{{ control.name }}
None

Displaying Citations in which this term is tagged – Show all Citations containing this term regardless of tagging

Loading...

AD ID	Authority Document	CT ID	Reference	Guidance	CC ID
{{ citation.authority_document.id }}	{{ citation.authority_document.common_name }}	{{ citation.id }}	{{ citation.reference }}	{{ citation.guidance_as_tagged \|\| citation.guidance }}	{{ citation.control.id }} None
None

rules of behavior