3.9 PERSONNEL SECURITY

By wnoble2005@gmail.com (William Noble) 📅 2024-03-02
NIST 800-171 control 3.9 focuses on personnel security for protecting Controlled Unclassified Information (CUI). It mandates screening individuals before granting access to CUI systems and ensuring CUI and systems are protected during and after personnel actions like terminations and transfers. This involves background checks, access control adjustments, and secure handling of company property during personnel transitions.



NIST 800-171 lays out security controls for safeguarding Controlled Unclassified Information (CUI) in nonfederal systems. One crucial aspect is personnel security, addressed in section 3.9. This section outlines two main requirements to ensure trust in those accessing CUI.

Firstly, it mandates screening individuals before authorizing access to CUI systems. This screening assesses an individual's trustworthiness through background checks, reference verifications, and security awareness training. These checks help identify any potential risks before granting access to sensitive information.



Secondly, the focus remains on securing CUI even during personnel changes. The requirement emphasizes procedures to revoke access upon termination or transfer. This includes disabling user accounts, terminating active sessions, and retrieving any government-issued equipment. These measures prevent unauthorized access to CUI after an employee departs the organization.

Family:Personnel Security (AC 3.9)
NIST:NIST SP 800-171r3


3.9.1 Screen individuals prior to authorizi...ing CUI- NIST 800-171 control 3.9.1 requires organizations to screen individuals before granting access to systems containing Controlled Unclassified Information.... (Page)
3.9.2 Ensure that organizational systems co...ansfers- NIST 800-171 rule 3.9.2 safeguards Controlled Unclassified Information (CUI) during employee transitions. Benefits include preventing unauthorized access.... (Page)

Category:Cybersecurity Maturity Model
Type:Basic Security Requirements