PS-7: External Personnel Security

From NIST's SP800-53:

a. Establish personnel security requirements, including security roles and responsibilities for external providers;
b. Require external providers to comply with personnel security policies and procedures established by the organization;
c. Document personnel security requirements;
d. Require external providers to notify [Assignment: organization-defined personnel or roles] of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges, or who have system privileges within [Assignment: organization-defined time period]; and
e. Monitor provider compliance with personnel security requirements.

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Control ID    Description
ID.GV-2       Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
PR.IP-11      Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)
DE.CM-6       External service provider activity is monitored to detect potential cybersecurity events
ID.SC-4       Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations.
PR.AT-3       Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
ID.AM-6       Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established