Joint task force transformation initiative


PS-2 POSITION RISK DESIGNATION



Date: 31.01.2017





Control: The organization:

  1. Assigns a risk designation to all organizational positions;

  2. Establishes screening criteria for individuals filling those positions; and

  3. Reviews and updates position risk designations [Assignment: organization-defined frequency].

Supplemental Guidance: Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances). Related controls: AT-3, PL-2, PS-3.

Control Enhancements: None.

References: 5 C.F.R. 731.106.

Priority and Baseline Allocation:

P1 | LOW PS-2 | MOD PS-2 | HIGH PS-2



PS-3 PERSONNEL SCREENING


Control: The organization:

  1. Screens individuals prior to authorizing access to the information system; and

  2. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening].

Supplemental Guidance: Personnel screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, guidance, and specific criteria established for the risk designations of assigned positions. Organizations may define different rescreening conditions and frequencies for personnel accessing information systems based on types of information processed, stored, or transmitted by the systems. Related controls: AC-2, IA-4, PE-2, PS-2.

Control Enhancements:

  1. PERSONNEL SCREENING | CLASSIFIED INFORMATION

The organization ensures that individuals accessing an information system processing, storing, or transmitting classified information are cleared and indoctrinated to the highest classification level of the information to which they have access on the system.

Supplemental Guidance: Related controls: AC-3, AC-4.

  2. PERSONNEL SCREENING | FORMAL INDOCTRINATION

The organization ensures that individuals accessing an information system processing, storing, or transmitting types of classified information which require formal indoctrination, are formally indoctrinated for all of the relevant types of information to which they have access on the system.

Supplemental Guidance: Types of classified information requiring formal indoctrination include, for example, Special Access Program (SAP), Restricted Data (RD), and Sensitive Compartmented Information (SCI). Related controls: AC-3, AC-4.

  3. PERSONNEL SCREENING | INFORMATION WITH SPECIAL PROTECTION MEASURES

The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection:

    1. Have valid access authorizations that are demonstrated by assigned official government duties; and

    2. Satisfy [Assignment: organization-defined additional personnel screening criteria].

Supplemental Guidance: Organizational information requiring special protection includes, for example, Controlled Unclassified Information (CUI) and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.

References: 5 C.F.R. 731.106; FIPS Publications 199, 201; NIST Special Publications 800-60, 800-73, 800-76, 800-78; ICD 704.

Priority and Baseline Allocation:

P1 | LOW PS-3 | MOD PS-3 | HIGH PS-3

