Procedural Control Examples

Procedural controls refer to the procedures performed by individuals. They are often detailed in written documents that an organization uses for security. Procedural controls are directives from senior management on how to address security within the organization. Previous versions of NIST SP 800-53 referred to these controls as administrative controls.

The following sections provide examples of some of the common procedural controls in these categories:

  • Policies and procedures
  • Security plans
  • Insurance and bonding
  • Background and financial checks
  • Data loss prevention program
  • Education, training, and awareness
  • Rules of behavior
  • Software testing

Policies and Procedures

Policies and procedures are written documents ...
