PS-02 Position Risk Designation
a. Assign a risk designation to all organizational positions;
b. Establish screening criteria for individuals filling those positions; and
c. Review and update position risk designations ps-02_odp.
| Parameter ID | Definition |
|---|---|
| ps-02_odp | frequency |
Baselines
- L
- M
- H
- P
Guidance
Position risk designations reflect Office of Personnel Management (OPM) policy and guidance. Proper position designation is the foundation of an effective and consistent suitability and personnel security program. The Position Designation System (PDS) assesses the duties and responsibilities of a position to determine the degree of potential damage to the efficiency or integrity of the service due to misconduct of an incumbent of a position and establishes the risk level of that position. The PDS assessment also determines if the duties and responsibilities of the position present the potential for position incumbents to bring about a material adverse effect on national security and the degree of that potential effect, which establishes the sensitivity level of a position. The results of the assessment determine what level of investigation is conducted for a position. Risk designations can guide and inform the types of authorizations that individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements. Parts 1400 and 731 of Title 5, Code of Federal Regulations, establish the requirements for organizations to evaluate relevant covered positions for a position sensitivity and position risk designation commensurate with the duties and responsibilities of those positions.
References 2
- 5 CFR 731 Code of Federal Regulations, Title 5, *Administrative Personnel* , Section 731.106, *Designation of Public Trust Positions and Investigative Requirements* (5 C.F.R. 731.106).
- SP 800-181 Petersen R, Santos D, Smith MC, Wetzel KA, Witte G (2020) Workforce Framework for Cybersecurity (NICE Framework). (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-181, Rev. 1.
Related controls 10
- AC-05 Separation of Duties L M H P
- AT-03 Role-based Training L M H P
- PE-02 Physical Access Authorizations L M H P
- PE-03 Physical Access Control L M H P
- PL-02 System Security and Privacy Plans L M H P
- PS-03 Personnel Screening L M H P
- PS-06 Access Agreements L M H P
- SA-05 System Documentation L M H P
- SA-21 Developer Screening L M H P
- SI-12 Information Management and Retention L M H P