Hello all! I'd like your thoughts and feedback on a document, the Acceptable Use Standard. https://docs.google.com/a/raisingthefloor.org/document/d/1Lkx67YxJmL7LyOx8eCD0IED84_J7ZRQUudPpfNCjPkg/edit?usp=sharing
As background, remember that as part of moving toward getting ready for NIST/FedRAMP/HIPAA/ISO/etc. (and more broadly, as part of building out the security processes that will let us work with outside organizations that want to make sure we're doing the security groundwork they expect), we've developed policy documents. Policies generally say "we're going to do things in this area." Accompanying those are standards documents; they say how we're going to do things. (Said another way, policies say we will jump, standards say how high a jump is.)

The Acceptable Use Standard is, then, one of those how-high documents; specifically, it's the document that says what the organization believes to be unacceptable (and thus sanctionable) behavior when using RtF resources (defined in the document, but generally it's anything RtF owns/maintains/operates). These are pretty standard (I'm sure you've each signed twenty of them), but despite being kind of boring, we need to have one (required by, e.g., NIST 800-53r4 PS-6 and ISO 27002 8.1.3).

I'm requesting feedback before January 16; this will give everyone time to take a look, ask any questions you have, and offer any suggestions you might have (earnestly welcomed!).

Thanks much!

---Brendan O'Connor
_______________________________________________
Architecture mailing list
[email protected]
https://lists.gpii.net/mailman/listinfo/architecture
