Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

A mandate is an official order or commission to perform a task. Mandates are often buried within sentences and within paragraphs in citations. A simple example of a mandate would be 'turn off the faucet' or 'feed the dog,' although you, as a member of the Mapping Team, are more likely to encounter a mandate like.'Ensure that your organization has an information security program in place' then 'feed the dog.'


As stated above, mandates are actions that an organization must perform. There can be one or multiple mandates in a citation. In the case of multiple mandates, each mandate must be tagged separately. These mandates fall into three categories: those that call for documentation about an action, the performing of the action, or testing for the action to have taken place.


How do you differentiate between the three? Glad you asked:

Documentation

Citations that refer to a process, procedure, policy, etc., call for documentation of an action.

For example, "Determine if the organization has a process for implementing access control" references "a process"; therefore, the mandate is about documentation.

Perform Action

When no explicit reference to documentation is made, the citation calls for the performance of an action.

For example, if the citation were written as "Implement access control," then the mandate would be about performing an action.

Test for Action

These are usually pretty easy to determine; they start with "ensure," "does the," "evaluate," "test," "observe," and "interview."


  • No labels