πΌ GV.RR-04: Cybersecurity is included in human resources practices
- Contextual name: πΌ GV.RR-04: Cybersecurity is included in human resources practices
- ID:
/frameworks/nist-csf-v2.0/gv-rr/04 - Located in: πΌ Roles, Responsibilities, and Authorities (GV.RR)
Descriptionβ
- Integrate cybersecurity risk management considerations into human resources processes (e.g., personnel screening, onboarding, change notification, offboarding)
- Consider cybersecurity knowledge to be a positive factor in hiring, training, and retention decisions
- Conduct background checks prior to onboarding new personnel for sensitive roles, and periodically repeat background checks for personnel with such roles
- Define and enforce obligations for personnel to be aware of, adhere to, and uphold security policies as they relate to their roles
Similarβ
- Sections
/frameworks/nist-csf-v1.1/pr-ip/11/frameworks/nist-sp-800-53-r5/pm/13/frameworks/nist-sp-800-53-r5/ps/01/frameworks/nist-sp-800-53-r5/ps/07/frameworks/nist-sp-800-53-r5/ps/09
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening) | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-13 Security and Privacy Workforce | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PS-1 Policy and Procedures | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PS-7 External Personnel Security | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PS-9 Position Descriptions |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|