Homexnetd.com
xnetd.com

NIST Special Publication NIST SP 800-171r3

3.9 PERSONNEL SECURITY | NIST 800-171 control 3.9, focuses on personnel security for protecting Controlled Unclassified Information (CUI). It mandates screening individuals before granting access to CUI systems and ensuring CUI and systems are protected during and after personnel actions like terminations and transfers. This involves background checks, access control adjustments, and secure handling of company property during personnel transitions.

NIST Special Publication NIST SP 800-171r3
Back to "NIST Special Publication NIST SP 800-171r3"
NIST Special Publication NIST SP 800-171r3
🖨️

3.9 PERSONNEL SECURITY

By wnoble2005@gmail.com (William Noble) 📅 2024-03-02
NIST 800-171 control 3.9, focuses on personnel security for protecting Controlled Unclassified Information (CUI). It mandates screening individuals before granting access to CUI systems and ensuring CUI and systems are protected during and after personnel actions like terminations and transfers. This involves background checks, access control adjustments, and secure handling of company property during personnel transitions.

(Image credit: q4q.com)


NIST 800-171 lays out security controls for safeguarding Controlled Unclassified Information (CUI) in nonfederal systems. One crucial aspect is personnel security, addressed in section 3.9. This section outlines two main requirements to ensure trust in those accessing CUI.

Firstly, it mandates screening individuals before authorizing access to CUI systems. This screening assesses an individual's trustworthiness through background checks, reference verifications, and security awareness training. These checks help identify any potential risks before granting access to sensitive information.

Secondly, the focus remains on securing CUI even during personnel changes. The requirement emphasizes procedures to revoke access upon termination or transfer. This includes disabling user accounts, terminating active sessions, and retrieving any government-issued equipment. These measures prevent unauthorized access to CUI after an employee departs the organization.

Go to 3.9 PERSONNEL SECURITY Page
Contents of 3.9 PERSONNEL SECURITY:


About "3.9 PERSONNEL SECURITY" 🡃
Category:Cybersecurity Maturity Model
Family:Access Control (AC 3.1), Audit and Accountability (AC 3.3), Awareness Training (AC 3.2), Configuration Management (AC 3.4), Identification and Authentication (AC 3.5), Incident Response (AC 3.6), Maintenance (AC 3.7), Media Protection (AC 3.8), Personnel Security (AC 3.9), Physical Protection (AC 3.10), Risk Assessment (AC 3.11), Security Assessment (AC 3.12), System and Communications Protection (AC 3.13), System and Information Integrity (AC 3.14)
NIST:NIST SP 800-171r3
#CybersecurityMaturityModel
⬅ Back to NIST Special Publication NIST SP 800-171r3

More on q4q.com

Q4Q Technical Solutions

© q4q.com 1999-2024