Guidance for NIST 800-171 Assessment & Compliance
Applicable (Y)es / (N)o |
(C)onfidentiality |
(I)ntegrity |
(A)vailability |
RPN (C+I+A) |
(S)atisfactory |
||||||
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
L1 |
M2 |
H3 |
(O)ther than satisfactory +## |
||
|
|
|
|
|
|
|
|
|
|
|
|
###
ps-3(2) |
personnel screening | formal indoctrination |
|
assessment objective: Determine if the organization ensures that individuals accessing an information system processing, storing, or transmitting types of classified information which require formal indoctrination, are formally indoctrinated for all of the relevant types of information to which they have access on the system. |
potential assessment methods and objects: Examine: [select from: Personnel security policy; procedures addressing personnel screening; records of screened personnel; other relevant documents or records]. Interview: [select from: Organizational personnel with personnel security responsibilities; organizational personnel with information security responsibilities]. Test: [select from: Organizational processes for formal indoctrination for all relevant types of information to which personnel have access]. |
