The Agency's Human Resources department performs background checks for new employees. The chief information security officer performs additional personnel screening for users with access to mission-critical information resources based on a risk determination of the proposed access.
Employees, contractors and third-party users breach security due to lack of management.
The organization:
a. Screens individuals prior to authorizing access to the information system; and
b. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening].
The organization uses background checks prior to hiring new employees.
The state organization screens individuals requiring access to organizational information and information systems before authorizing access.
Obtain personnel security policy; procedures addressing personnel screening; records of screened personnel; FIPS 201; NIST Special Publications 800-73, 800-76, and 800-78; other relevant documents or records and ascertain if:
(i) the organization screens individuals requiring access to organizational information and information systems prior to authorizing access.
(ii) the personnel screening is consistent with 5 CFR 731.106, OPM policy, regulations, and guidance, FIPS 201 and NIST Special Publications 800-73, 800-76, and 800-78, and the criteria established for the risk designation for the assigned position.