Internal Security Directive (Equifax 2017 Incident (2020 oversight))¶
Use this to issue a directive or mandate from leadership on security: required actions, deadlines, or standards; creates clear accountability and follow-up.
Purpose¶
This directive establishes mandatory internal actions and timelines required to address risks and obligations associated with Equifax 2017 Incident (2020 oversight). It is intended to create clear operational expectations, ownership, and enforcement posture across relevant teams.
Hallucinated writing examples¶
Scenario: In an illustrative period following federal Equifax enforcement orders and ongoing MDL settlement administration (time), the Security Director (role) prepares a internal security directive (type) for leadership stakeholders (audience).
INTERNAL SECURITY DIRECTIVE
Context: This directive responds to post-2017 federal oversight and civil proceedings requiring sustained, demonstrable control maturity. It mandates immediate operational controls over internet-facing vulnerability remediation, privileged access, and evidence retention for designated high-risk systems.
Directive: Effective immediately, Tier-0 internet-facing assets shall comply with critical patch SLA and verification controls. Privileged access to designated environments shall use approved governance workflows with periodic recertification and monitoring. Exception requests must include business rationale, mitigation, owner, and revisit date. Teams shall complete initial compliance baseline and gap plans by December 31, 2020.
Accountability and Deadlines: System owners are accountable for implementation and evidence production. The CISO organization governs exception approvals and progress tracking. Compliance status shall be reported on defined cadence to risk governance; unresolved critical items trigger escalation to executive leadership and committee reporting.
Document-type guide: Internal Security Directive
Writing tips: Writing best practices — Internal Security Directive