Navigate

CCI-003043

CCI-003043 Definition

The organization defines the time period for third-party providers to notify organization-defined personnel or roles when third-party personnel who possess organizational credentials and /or badges or who have information system privileges are transferred or terminated.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the time period as immediately.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the time period as immediately.

Compelling Evidence

Automatically compliant.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003043.

Control	Description
PS-7	The organization: PS-7a.: Establishes personnel security requirements including security roles and responsibilities for third-party providers; PS-7b.: Requires third-party providers to comply with personnel security policies and procedures established by the organization; PS-7c.: Documents personnel security requirements; PS-7d.: Requires third-party providers to notify [Assignment: organization-defined personnel or roles] of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges within [Assignment: organization-defined time period]; and PS-7e.: Monitors provider compliance.

Control

Description

PS-7

The organization:

PS-7a.: Establishes personnel security requirements including security roles and responsibilities for third-party providers;

PS-7b.: Requires third-party providers to comply with personnel security policies and procedures established by the organization;

PS-7c.: Documents personnel security requirements;

PS-7d.: Requires third-party providers to notify [Assignment: organization-defined personnel or roles] of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges within [Assignment: organization-defined time period]; and

PS-7e.: Monitors provider compliance.