Guidance for NIST 800-171 Assessment & Compliance
Applicable (Y)es / (N)o |
(C)onfidentiality |
(I)ntegrity |
(A)vailability |
RPN (C+I+A) |
(S)atisfactory |
||||||
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
(O)ther than satisfactory +## |
||
|
|
|
|
|
|
|
|
|
|
|
|
###
ps-3(1) |
personnel screening | classified information |
|
|
assessment objective: Determine if the organization: |
|
ps-3(1)[1] |
ensures that individuals accessing an information system processing, storing, or transmitting classified information are cleared to the highest classification level of the information to which they have access on the system; and |
|
ps-3(1)[2] |
ensures that individuals accessing an information system processing, storing, or transmitting classified information are indoctrinated to the highest classification level of the information to which they have access on the system. |
|
potential assessment methods and objects: Examine: [select from: Personnel security policy; procedures addressing personnel screening; records of screened personnel; other relevant documents or records]. Interview: [select from: Organizational personnel with personnel security responsibilities; organizational personnel with information security responsibilities]. Test: [select from: Organizational processes for clearing and indoctrinating personnel for access to classified information]. |
||
