Search
  • Ignyte CMMC Specialist
    • Apr 1, 2020
    • 2 min read

NIST 800-171 | PERSONNEL SECURITY

These requirements go hand-in-hand with the physical protection family of requirements. It can most likely be conducted by the same team member such as the FSO.

The easiest way to implement this control is by placing a privacy screen on all the desktops within your company. If you want to help your employees ask them to purchase a similar screen for their mobile phones.


The requirement also ensures that after a person has been released of employment, that they turn in their badge and be removed from the physically secured area where CUI, ITARs and similar data is managed.



Personnel Security


3.9.1 Screen individuals prior to authorizing access to information systems containing CUI.


Personnel screening activities reflect

  • Applicable Federal Laws

  • Executive Orders

  • Directives

  • Policies

  • Regulations

  • Specific criteria established for the level of access required for assigned positions



3.9.2 Ensure that CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers.


System-related property:

  • Hardware authentication tokens

  • Identification cards

  • System administration technical manuals

  • Keys

  • Building passes


Exit interviews ensure that individuals who have been terminated understand the security constraints imposed by being former employees and that proper accountability is achieved for system-related property.


Security topics of interest at exit interviews can include, for example, reminding terminated individuals of nondisclosure agreements and potential limitations on future employment.


Organizations define the CUI protections appropriate for the types of reassignments or transfers, whether permanent or extended.


Protections that may be required for transfers or reassignments to other positions within organizations include:

  • Returning old and issuing new keys

  • Identification cards, and building passes

  • Closing system accounts and establishing new accounts

  • Changing system access authorizations

  • Providing for access to official records to which individuals had access at previous work locations and in previous system accounts.



For further Information and Demo, please contact us:



  • LinkedIn
  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • Pinterest

info@ignyteplatform.com | 1.833.IGNYTE1 

​​

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Generic disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
 

Gartner is a registered trademark and service mark of Gartner, Inc. and/or of its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved
 

Igntye © 2020 All Rights Reserved. Ignyte Assurance Platform, Privacy Policy and Terms of Service.