PS-01 Policy and Procedures
a. Develop, document, and disseminate to ps-1_prm_1:
1. ps-01_odp.03 personnel security policy that:
(a) Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and
(b) Is consistent with applicable laws, executive orders, directives, regulations, policies, standards, and guidelines; and
2. Procedures to facilitate the implementation of the personnel security policy and the associated personnel security controls;
b. Designate an ps-01_odp.04 to manage the development, documentation, and dissemination of the personnel security policy and procedures; and
c. Review and update the current personnel security:
1. Policy ps-01_odp.05 and following ps-01_odp.06 ; and
2. Procedures ps-01_odp.07 and following ps-01_odp.08.
|ps-1_prm_1||organization-defined personnel or roles|
|ps-01_odp.01||personnel or roles|
|ps-01_odp.02||personnel or roles|
- SP 800-12 Nieles M, Pillitteri VY, Dempsey KL (2017) An Introduction to Information Security. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-12, Rev. 1.
- SP 800-30 Joint Task Force Transformation Initiative (2012) Guide for Conducting Risk Assessments. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-30, Rev. 1.
- SP 800-39 Joint Task Force Transformation Initiative (2011) Managing Information Security Risk: Organization, Mission, and Information System View. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-39.
- SP 800-100 Bowen P, Hash J, Wilson M (2006) Information Security Handbook: A Guide for Managers. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-100, Includes updates as of March 7, 2007.
Related controls 3
- PM-09 Risk Management Strategy L M H P
- PS-08 Personnel Sanctions L M H P
- SI-12 Information Management and Retention L M H P