compliance controls are associated with this Policy definition 'Rescreen individuals at a defined frequency' (c6aeb800-0b19-944d-92dc-59b893722329)
| Control Domain | Control | Name | MetadataId | Category | Title | Owner | Requirements | Description | Info | Policy# |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| FedRAMP_High_R4 | PS-3 | FedRAMP_High_R4_PS-3 | FedRAMP High PS-3 | Personnel Security | Personnel Screening | Shared | n/a | The organization: a. Screens individuals prior to authorizing access to the information system; and b. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening]. Supplemental Guidance: Personnel screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, guidance, and specific criteria established for the risk designations of assigned positions. Organizations may define different rescreening conditions and frequencies for personnel accessing information systems based on types of information processed, stored, or transmitted by the systems. Related controls: AC-2, IA-4, PE-2, PS-2. References: 5 C.F.R. 731.106; FIPS Publications 199, 201; NIST Special Publications 800-60, 800-73, 800-76, 800-78; ICD 704. | link | 3 |
| FedRAMP_Moderate_R4 | PS-3 | FedRAMP_Moderate_R4_PS-3 | FedRAMP Moderate PS-3 | Personnel Security | Personnel Screening | Shared | n/a | The organization: a. Screens individuals prior to authorizing access to the information system; and b. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening]. Supplemental Guidance: Personnel screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, guidance, and specific criteria established for the risk designations of assigned positions. Organizations may define different rescreening conditions and frequencies for personnel accessing information systems based on types of information processed, stored, or transmitted by the systems. Related controls: AC-2, IA-4, PE-2, PS-2. References: 5 C.F.R. 731.106; FIPS Publications 199, 201; NIST Special Publications 800-60, 800-73, 800-76, 800-78; ICD 704. | link | 3 |
| hipaa | 0105.02a2Organizational.1-02.a | hipaa-0105.02a2Organizational.1-02.a | 0105.02a2Organizational.1-02.a | 01 Information Protection Program | 0105.02a2Organizational.1-02.a 02.01 Prior to Employment | Shared | n/a | Risk designations are assigned for all positions within the organization as appropriate, with commensurate screening criteria, and reviewed/revised every 365 days. |  | 6 |
| hipaa | 0106.02a2Organizational.23-02.a | hipaa-0106.02a2Organizational.23-02.a | 0106.02a2Organizational.23-02.a | 01 Information Protection Program | 0106.02a2Organizational.23-02.a 02.01 Prior to Employment | Shared | n/a | The pre-employment process is reviewed by recruitment to ensure security roles/responsibilities are specifically defined (in writing) and clearly communicated to job candidates. |  | 4 |
| ISO27001-2013 | A.7.1.1 | ISO27001-2013_A.7.1.1 | ISO 27001:2013 A.7.1.1 | Human Resources Security | Screening | Shared | n/a | Background verification checks for all candidates for employment shall be carried out in accordance with relevant laws, regulations and ethics and shall be proportional to the business requirements, the classification of the information to be accessed and the perceived risks. | link | 3 |
|  | mp.per.1 Job characterization | mp.per.1 Job characterization | 404 not found |  |  |  | n/a | n/a |  | 41 |
| NIST_SP_800-53_R4 | PS-3 | NIST_SP_800-53_R4_PS-3 | NIST SP 800-53 Rev. 4 PS-3 | Personnel Security | Personnel Screening | Shared | n/a | The organization: a. Screens individuals prior to authorizing access to the information system; and b. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening]. Supplemental Guidance: Personnel screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, guidance, and specific criteria established for the risk designations of assigned positions. Organizations may define different rescreening conditions and frequencies for personnel accessing information systems based on types of information processed, stored, or transmitted by the systems. Related controls: AC-2, IA-4, PE-2, PS-2. References: 5 C.F.R. 731.106; FIPS Publications 199, 201; NIST Special Publications 800-60, 800-73, 800-76, 800-78; ICD 704. | link | 3 |
| NIST_SP_800-53_R5 | PS-3 | NIST_SP_800-53_R5_PS-3 | NIST SP 800-53 Rev. 5 PS-3 | Personnel Security | Personnel Screening | Shared | n/a | a. Screen individuals prior to authorizing access to the system; and b. Rescreen individuals in accordance with [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of rescreening]. | link | 3 |
| PCI_DSS_v4.0 | 12.7.1 | PCI_DSS_v4.0_12.7.1 | PCI DSS v4.0 12.7.1 | Requirement 12: Support Information Security with Organizational Policies and Programs | Personnel are screened to reduce risks from insider threats | Shared | n/a | Potential personnel who will have access to the CDE are screened, within the constraints of local laws, prior to hire to minimize the risk of attacks from internal sources. | link | 3 |
| SWIFT_CSCF_v2022 | 5.3A | SWIFT_CSCF_v2022_5.3A | SWIFT CSCF v2022 5.3A | 5. Manage Identities and Segregate Privileges | To the extent permitted and practicable, ensure the trustworthiness of staff operating the local SWIFT environment by performing regular staff screening. | Shared | n/a | Staff operating the local SWIFT infrastructure are screened prior to initial appointment in that role and periodically thereafter. | link | 5 |