The IT Law Wiki

Personnel security


Definitions

Control system

Personnel security addresses security program roles and responsibilities implemented during all phases of staff employment, including staff recruitment and termination. The organization screens applicants for critical positions in the operation and maintenance of the control system. The organization trains personnel when they are hired and provides subsequent refresher training on their job tasks, responsibilities, and behavioral expectations concerning the security of the control system. The organization may consider implementing a confidentiality or nondisclosure agreement that employees and third-party users of control system facilities must sign before being granted access to the control system. The organization also documents and implements a process to secure resources and revoke access privileges when personnel terminate.[1]

General

Personnel security is

  • [a] security discipline that assesses the loyalty, reliability, and trustworthiness of individuals for initial and continued eligibility for access to classified information.[2]
  • [p]rocedures to ensure that persons who access a system have proper clearance, authorization, and need-to-know as required by the system's security policy.[3]

Overview

"[P]ersonnel security lies at the very heart of our security system, and the trustworthiness of those who deal with sensitive and classified information must be ensured."[4]

References

  1. Catalog of Control Systems Security: Recommendations for Standards Developers, at 8.
  2. Intelligence Community Standard 700-01, at 17.
  3. Internet Security Glossary, at 123.
  4. NSTISSAM INFOSEC 1-99, at 1.

Source

  • NIST, Glossary for Computer Systems Security (Feb. 1976) (FIPS 39).
