💼 GV.RR-04: Cybersecurity is included in human resources practices
- ID:
/frameworks/nist-csf-v2.0/gv-rr/04
Description​
- Integrate cybersecurity risk management considerations into human resources processes (e.g., personnel screening, onboarding, change notification, offboarding)
- Consider cybersecurity knowledge to be a positive factor in hiring, training, and retention decisions
- Conduct background checks prior to onboarding new personnel for sensitive roles, and periodically repeat background checks for personnel with such roles
- Define and enforce obligations for personnel to be aware of, adhere to, and uphold security policies as they relate to their roles
Similar​
- Sections
/frameworks/nist-csf-v1.1/pr-ip/11/frameworks/nist-sp-800-53-r5/pm/13/frameworks/nist-sp-800-53-r5/ps/01/frameworks/nist-sp-800-53-r5/ps/07/frameworks/nist-sp-800-53-r5/ps/09
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening) | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-13 Security and Privacy Workforce | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PS-7 External Personnel Security | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PS-9 Position Descriptions | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|