The National Institute of Standards and Technology (NIST) has developed a guide to assist businesses with adherence to Defense Federal Acquisition Register Supplement (DFARS) standards. The ninth of the 14 Families of Requirements for NIST 800-171 compliance is personnel security.
What is Personnel Security in Terms of NIST 800-171?
The Personnel Security family of requirements dictates that the business has a proper screening process for hiring new employees, including background checks. The business is also required to have a proper employee termination process, and a process for reassigned or transferred personnel. The business must have an accurate list of all employees at all times, including those working remotely and contractors who will be required to sign confidentiality agreements. A policy must be implemented to identify all personnel who have access to CUI, or anyone with potential access to such information. Once someone becomes an employee, it’s important for them to receive the proper training regarding their job role, as well as required training on security controls or data handling policies. Personnel Security has 2 Basic Security Requirements and no Derived Security Requirements.
Basic Security Requirements:
- 3.9.1 Screen individuals prior to authorizing access to organizational systems containing CUI.
- 3.9.2 Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.
To learn more about NIST SP 800-171 compliance, please visit NIST.SP.800-171r2.pdf and be sure to review the assessment guide: SP 800-171A, Assessing Security Requirements for CUI | CSRC. NeQter Labs can assist you with building the foundation for your cyber security and compliance program. By combining SIEM, vulnerability scanning, inventory and documentation into a single platform, NeQter allows you to get a jump start on your DFARS-7012/NIST 800-171/CMMC compliance project. Our extensive partner network ensures that, no matter what, we can assist you with all your compliance needs. Contact us here.