| Applicable (Y)es / (N)o | (C)onfidentiality: L1 / M2 / H3 | (I)ntegrity: L1 / M2 / H3 | (A)vailability: L1 / M2 / H3 | RPN (C+I+A) | (S)atisfactory / (O)ther than satisfactory |
|---|---|---|---|---|---|
| | | | | | |

### PS-3(3) Personnel Screening | Information with Special Protection Measures

Assessment objective: Determine if the organization:

- PS-3(3)(a): ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection have valid access authorizations that are demonstrated by assigned official government duties;
- PS-3(3)(b):
  - PS-3(3)(b)[1]: defines additional personnel screening criteria to be satisfied for individuals accessing an information system processing, storing, or transmitting information requiring special protection; and
  - PS-3(3)(b)[2]: ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection satisfy organization-defined additional personnel screening criteria.

Potential assessment methods and objects:

- Examine: [select from: Personnel security policy; access control policy, procedures addressing personnel screening; records of screened personnel; screening criteria; records of access authorizations; other relevant documents or records].
- Interview: [select from: Organizational personnel with personnel security responsibilities; organizational personnel with information security responsibilities].
- Test: [select from: Organizational processes for ensuring valid access authorizations for information requiring special protection; organizational process for additional personnel screening for information requiring special protection].