Joint task force transformation initiative

PS-2 POSITION RISK DESIGNATION

Yüklə 5,64 Mb.

səhifə	118/186
tarix	08.01.2019
ölçüsü	5,64 Mb.
	#93199

1 ... 114 115 116 117 118 119 120 121 ... 186

P1 LOW PS-2
P1 LOW PS-3

PS-2 POSITION RISK DESIGNATION

Control: The organization:

Assigns a risk designation to all organizational positions;
Establishes screening criteria for individuals filling those positions; and
Reviews and updates position risk designations [Assignment: organization-defined frequency].

Supplemental Guidance: Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances). Related controls: AT-3, PL-2, PS-3.

Control Enhancements: None.

References: 5 C.F.R. 731.106.
Priority and Baseline Allocation:

P1

LOW PS-2

MOD PS-2

HIGH PS-2

PS-3 PERSONNEL SCREENING

Control: The organization:

Screens individuals prior to authorizing access to the information system; and
Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening].

Supplemental Guidance: Personnel screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, guidance, and specific criteria established for the risk designations of assigned positions. Organizations may define different rescreening conditions and frequencies for personnel accessing information systems based on types of information processed, stored, or transmitted by the systems. Related controls: AC-2, IA-4, PE-2, PS-2.

Control Enhancements:

personnel screening | classified Information

The organization ensures that individuals accessing an information system processing, storing, or transmitting classified information are cleared and indoctrinated to the highest classification level of the information to which they have access on the system.

Supplemental Guidance: Related controls: AC-3, AC-4.

personnel screening | formal indoctrination

The organization ensures that individuals accessing an information system processing, storing, or transmitting types of classified information which require formal indoctrination, are formally indoctrinated for all of the relevant types of information to which they have access on the system.

Supplemental Guidance: Types of classified information requiring formal indoctrination include, for example, Special Access Program (SAP), Restricted Data (RD), and Sensitive Compartment Information (SCI). Related controls: AC-3, AC-4.

personnel screening | information with special protection measures

The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection:

Have valid access authorizations that are demonstrated by assigned official government duties; and
Satisfy [Assignment: organization-defined additional personnel screening criteria].

Supplemental Guidance: Organizational information requiring special protection includes, for example, Controlled Unclassified Information (CUI) and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.

References: 5 C.F.R. 731.106; FIPS Publications 199, 201; NIST Special Publications 800-60, 800-73, 800-76, 800-78; ICD 704.

Priority and Baseline Allocation:

P1

LOW PS-3

MOD PS-3

HIGH PS-3

Yüklə 5,64 Mb.

Dostları ilə paylaş:

1 ... 114 115 116 117 118 119 120 121 ... 186