Information Technology Reference
In-Depth Information
Category/
Subcategory/ 
Element
Control 
Reference
Control Summary
Interpretation
PS-2
Position
categorization
The organization assigns a risk
designation to all positions and
establishes screening criteria for
individuals filling those positions.
The organization reviews and
revises position risk designations
[assignment: organization-
deined frequency].
PS-3
Personnel screening
The organization screens
individuals requiring access to
organizational information and
information systems before
authorizing access.
PS-4
Personnel
termination
The organization, upon
termination of individual
employment, terminates
information system access,
conducts exit interviews, retrieves
all organizational information
system-related property, and
provides appropriate personnel
with access to official records
created by the terminated
employee that are stored on
organizational information
systems.
PS-5
Personnel transfer
The organization reviews
information systems/facilities
access authorizations when
personnel are reassigned or
transferred to other positions
within the organization and
initiates appropriate actions.
PS-6
Access agreements
The organization completes
appropriate signed access
agreements for individuals
requiring access to organizational
information and information
systems before authorizing access
and reviews/updates the
agreements [assignment:
organization-defined frequency].
 
Search WWH ::




Custom Search