💼 PS-7 THIRD-PARTY PERSONNEL SECURITY

  • ID: /frameworks/nist-sp-800-53-r4/ps/07

Description

The organization:

  • PS-7a. Establishes personnel security requirements including security roles and responsibilities for third-party providers;
  • PS-7b. Requires third-party providers to comply with personnel security policies and procedures established by the organization;
  • PS-7c. Documents personnel security requirements;
  • PS-7d. Requires third-party providers to notify [Assignment: organization-defined personnel or roles] of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges within [Assignment: organization-defined time period]; and
  • PS-7e. Monitors provider compliance.

Similar

  • Internal
    • ID: dec-c-a5e52a29

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events | 67 | no data
💼 NIST CSF v1.1 → 💼 ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established | no data
💼 NIST CSF v1.1 → 💼 ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners | no data
💼 NIST CSF v1.1 → 💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations | 1519 | no data
💼 NIST CSF v1.1 → 💼 PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities | no data
💼 NIST CSF v1.1 → 💼 PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening) | no data

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance