Establish a formal security policy and response plan

In compliance with NIST SP 800-100 Information Security Handbook: A Guide for Managers (http://csrc.nist.gov/publications/nistpubs/800-100/sp800-100-mar07-2007.pdf), Milestone recommends that you establish a formal security policy and a response plan that describe how your organization addresses security issues, in terms of practical procedures and guidelines. For example, a security policy can include:

  • A password policy defined by the internal IT department
  • Access control with ID badges
  • Restrictions on smartphones connecting to the network

Adopt existing IT policies and plans if they adhere to security best practices.

Learn more

The following controls provide additional guidance:

  • NIST SP 800-53 IR-1 Incident Response Policy and Procedures
  • NIST SP 800-53 PM-1 Information Security Program Plan