Control: The organization:
-
Assigns a risk designation to all organizational positions;
-
Establishes screening criteria for individuals filling those positions; and
-
Reviews and updates position risk designations [Assignment: organization-defined frequency].
Supplemental Guidance: Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances). Related controls: AT-3, PL-2, PS-3.
Control Enhancements: None.
References: 5 C.F.R. 731.106.
Priority and Baseline Allocation:
-
P1 | LOW PS-2 | MOD PS-2 | HIGH PS-2 |
PS-3 PERSONNEL SCREENING
Control: The organization:
-
Screens individuals prior to authorizing access to the information system; and
-
Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening].
Supplemental Guidance: Personnel screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, guidance, and specific criteria established for the risk designations of assigned positions. Organizations may define different rescreening conditions and frequencies for personnel accessing information systems based on types of information processed, stored, or transmitted by the systems. Related controls: AC-2, IA-4, PE-2, PS-2.
Control Enhancements:
-
personnel screening | classified Information
The organization ensures that individuals accessing an information system processing, storing, or transmitting classified information are cleared and indoctrinated to the highest classification level of the information to which they have access on the system.
Supplemental Guidance: Related controls: AC-3, AC-4.
-
personnel screening | formal indoctrination
The organization ensures that individuals accessing an information system processing, storing, or transmitting types of classified information which require formal indoctrination, are formally indoctrinated for all of the relevant types of information to which they have access on the system.
Supplemental Guidance: Types of classified information requiring formal indoctrination include, for example, Special Access Program (SAP), Restricted Data (RD), and Sensitive Compartment Information (SCI). Related controls: AC-3, AC-4.
-
personnel screening | information with special protection measures
The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection:
-
Have valid access authorizations that are demonstrated by assigned official government duties; and
-
Satisfy [Assignment: organization-defined additional personnel screening criteria].
Supplemental Guidance: Organizational information requiring special protection includes, for example, Controlled Unclassified Information (CUI) and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.
References: 5 C.F.R. 731.106; FIPS Publications 199, 201; NIST Special Publications 800-60, 800-73, 800-76, 800-78; ICD 704.
Priority and Baseline Allocation:
-
P1 | LOW PS-3 | MOD PS-3 | HIGH PS-3 |
Directory: publicationspublications -> Acm word Template for sig sitepublications -> Preparation of Papers for ieee transactions on medical imagingpublications -> Adjih, C., Georgiadis, L., Jacquet, P., & Szpankowski, W. (2006). Multicast tree structure and the power lawpublications -> Swiss Federal Institute of Technology (eth) Zurich Computer Engineering and Networks Laboratorypublications -> Quantitative skillspublications -> Multi-core cpu and gpu implementation of Discrete Periodic Radon Transform and Its Inversepublications -> List of Publications Department of Mechanical Engineering ucek, jntu kakinadapublications -> 1. 2 Authority 1 3 Planning Area 1publications -> Sa michelson, 2011: Impact of Sea-Spray on the Atmospheric Surface Layer. Bound. Layer Meteor., 140 ( 3 ), 361-381, doi: 10. 1007/s10546-011-9617-1, issn: Jun-14, ids: 807TW, sep 2011 Bao, jw, cw fairall, sa michelson
Share with your friends: |