CCI-001541

Implementation Guidance

Determine if provider compliance with personnel security requirements is monitored.

Validation Procedures

Examine: [SELECT FROM: Personnel security policy; procedures addressing external personnel security; list of personnel security requirements; acquisition documents; service-level agreements; compliance monitoring process; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with personnel security responsibilities; external providers; system/network administrators; organizational personnel with account management responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for managing and monitoring external personnel security; mechanisms supporting and/or implementing the monitoring of provider compliance].