Navigate

CCI-003043

CCI-003043 Definition

Defines the time period for external providers to notify organization-defined personnel or roles when external personnel who possess organizational credentials and/or badges, or who have system privileges are transferred or terminated.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the time period as immediately.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the time period as immediately.

Compelling Evidence

Automatically compliant.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003043.

Control	Description
PS-7	The organization: a: Establishes personnel security requirements including security roles and responsibilities for third-party providers; b: Requires third-party providers to comply with personnel security policies and procedures established by the organization; c: Documents personnel security requirements; d: Requires third-party providers to notify [organization-defined personnel or roles] of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges within [organization-defined time period]; and e: Monitors provider compliance.

Control

Description

PS-7

The organization:

a: Establishes personnel security requirements including security roles and responsibilities for third-party providers;

b: Requires third-party providers to comply with personnel security policies and procedures established by the organization;

c: Documents personnel security requirements;

d: Requires third-party providers to notify [organization-defined personnel or roles] of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges within [organization-defined time period]; and

e: Monitors provider compliance.