// Level 3 · Controls

Personnel Security

NIST SP 800-53 Rev 5 Personnel Security controls.

PS-01Medium

Policy and Procedures

Develop, document, and disseminate to [parameter]:

PS-02Medium

Position Risk Designation

Assign a risk designation to all organizational positions;

PS-03Medium

Personnel Screening

Screen individuals prior to authorizing access to the system; and

PS-04Medium

Personnel Termination

Upon termination of individual employment:

PS-05Medium

Review and confirm ongoing operational need for current logical and physical access authorizations to systems and facilities when individuals are reassigned or transferred to other positions within the organization;

PS-06Medium

Access Agreements

Develop and document access agreements for organizational systems;

PS-07Medium

External Personnel Security

Establish personnel security requirements, including security roles and responsibilities for external providers;

PS-08Medium

Personnel Sanctions

Employ a formal sanctions process for individuals failing to comply with established information security and privacy policies and procedures; and

PS-09Medium

Position Descriptions

Incorporate security and privacy roles and responsibilities into organizational position descriptions.