💼 PS-7 THIRD-PARTY PERSONNEL SECURITY

  • Contextual name: 💼 PS-7 THIRD-PARTY PERSONNEL SECURITY
  • ID: /frameworks/nist-sp-800-53-r4/ps/07
  • Located in: 💼 PS PERSONNEL SECURITY

Description

The organization:

  • PS-7a. Establishes personnel security requirements including security roles and responsibilities for third-party providers;
  • PS-7b. Requires third-party providers to comply with personnel security policies and procedures established by the organization;
  • PS-7c. Documents personnel security requirements;
  • PS-7d. Requires third-party providers to notify [Assignment: organization-defined personnel or roles] of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges within [Assignment: organization-defined time period]; and
  • PS-7e. Monitors provider compliance.

Similar

  • Internal
    • ID: dec-c-a5e52a29

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.CM-6: External service provider activity is monitored to detect potential cybersecurity events  66
💼 NIST CSF v1.1 → 💼 ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
💼 NIST CSF v1.1 → 💼 ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
💼 NIST CSF v1.1 → 💼 ID.SC-4: Suppliers and third-party partners are routinely assessed using audits, test results, or other forms of evaluations to confirm they are meeting their contractual obligations  1519
💼 NIST CSF v1.1 → 💼 PR.AT-3: Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
💼 NIST CSF v1.1 → 💼 PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags