NIST CSF: PR.IP-11 Subcategory

From NIST's Cyber Security Framework (version 1):

Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
PS-3: Personnel Screening
PS-6: Access Agreements
PS-7: External Personnel Security
PS-2: Position Risk Designation
SA-21: Developer Screening
PS-1: Policy and Procedures
PS-8: Personnel Sanctions
PS-4: Personnel Termination
PS-5: Personnel Transfer

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Disciplinary process (7.2.3)
    ISO 27001:2013
  • Termination or change of employment responsibilities (7.3.1)
    ISO 27001:2013
  • Terms and conditions of employment (7.1.2)
    ISO 27001:2013
  • Return of assets (8.1.4)
    ISO 27001:2013
  • Screening (7.1.1)
    ISO 27001:2013
  • Management responsibilities (7.2.1)
    ISO 27001:2013
  • Information security, awareness, education, and training (7.2.2)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Personnel security (4.3.3.2.1)
    ISA/IEC 62443-2-1:2009
  • Screen personnel initially (4.3.3.2.2)
    ISA/IEC 62443-2-1:2009
  • Screen personnel on an ongoing basis (4.3.3.2.3)
    ISA/IEC 62443-2-1:2009

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
B2.d Identity and Access Management (IdAM) You closely manage and maintain identity and access control for users, devices and systems accessing the networks and information systems supporting the essential function.
B1.b Policy and Process Implementation You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved.
B6.a Cyber Security Culture You develop and pursue a positive cyber security culture.
B6.b Cyber Security Training The people who support the operation of your essential function are appropriately trained in cyber security. A range of approaches to cyber security training, awareness and communications are employed.