An error occurred:

CCI-001539

CCI-001539 Definition

Establish personnel security requirements including security roles and responsibilities for external providers.
Status
Type CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if personnel security requirements are established, including security roles and responsibilities for external providers.

Validation Procedures

Examine: [SELECT FROM: Personnel security policy; procedures addressing external personnel security; list of personnel security requirements; acquisition documents; service-level agreements; compliance monitoring process; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with personnel security responsibilities; external providers; system/network administrators; organizational personnel with account management responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for managing and monitoring external personnel security; mechanisms supporting and/or implementing the monitoring of provider compliance].