NIST CSF: PR.IP-11 Subcategory

From NIST's Cyber Security Framework (version 1):

Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
PS-3: Personnel Screening
PS-6: Access Agreements
PS-7: External Personnel Security
PS-2: Position Risk Designation
SA-21: Developer Screening
PS-1: Policy and Procedures
PS-8: Personnel Sanctions
PS-4: Personnel Termination
PS-5: Personnel Transfer

Showing 1 to 9 of 9 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Disciplinary process (7.2.3)
ISO 27001:2013
Termination or change of employment responsibilities (7.3.1)
ISO 27001:2013
Terms and conditions of employment (7.1.2)
ISO 27001:2013
Return of assets (8.1.4)
ISO 27001:2013
Screening (7.1.1)
ISO 27001:2013
Management responsibilities (7.2.1)
ISO 27001:2013
Information security, awareness, education, and training (7.2.2)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Personnel security (4.3.3.2.1)
ISA/IEC 62443-2-1:2009
Screen personnel initially (4.3.3.2.2)
ISA/IEC 62443-2-1:2009
Screen personnel on an ongoing basis (4.3.3.2.3)
ISA/IEC 62443-2-1:2009

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
B2.d	Identity and Access Management (IdAM)	You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function.
B1.b	Policy and Process Implementation	You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved.
B6.a	Cyber Security Culture	You develop and pursue a positive cyber security culture.
B6.b	Cyber Security Training	The people who support the operation of your essential function are appropriately trained in cyber security. A range of approaches to cyber security training, awareness and communications are employed.

Showing 1 to 4 of 4 entries

NIST CSF: PR.IP-11 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Disciplinary process (7.2.3)

Termination or change of employment responsibilities (7.3.1)

Terms and conditions of employment (7.1.2)

Return of assets (8.1.4)

Screening (7.1.1)

Management responsibilities (7.2.1)

Information security, awareness, education, and training (7.2.2)

Related ISA/IEC 62443 Controls

Personnel security (4.3.3.2.1)

Screen personnel initially (4.3.3.2.2)

Screen personnel on an ongoing basis (4.3.3.2.3)

CSF Mapped to the NCSC CAF