Requirement:
Personnel cybersecurity requirements (prior to employment, during employment and after termination/separation) must be defined, documented and approved.
Control Implementation Guidelines:
- Define and document personnel cybersecurity requirements in the cybersecurity requirements document and approved by the representative. Requirements include, but are not limited to:
- Include cybersecurity responsibilities and non-disclosure clauses in the contracts of employees in the organization (to cover the periods during and after the end/termination of the job relationship with the organization)
- Conduct screening or vetting for the personnel of cybersecurity functions, technical functions with privileged access, and critical systems functions
- Ensure the comprehensiveness of the cybersecurity requirements related to employees during the employee's lifecycle in the organization, including the following requirements:
- Cybersecurity requirements prior to recruitment
- Cybersecurity requirements during work
- Cybersecurity requirements upon completion or termination of work
- Support the organization's policy by the Executive Management. This must be done through the approval of the organization head or his/her deputy
Relevant Cybersecurity Tools:
- Human Resources Cybersecurity Policy Template
Expected Deliverables:
- Cybersecurity policy for human resources approved by the representative
Quick & Simple
Discover Our Cybersecurity Compliance Solutions:
Whether you need to meet and maintain your compliance requirements, help your clients meet them, or verify supplier compliance we have the expertise and solution for you
CMMC Level 1 Compliance
Become compliant, provide compliance services, or verify partner compliance with CMMC Level 1 Basic Safeguarding of Covered Contractor Information Systems requirements.
NIST SP 800-171 & CMMC Level 2 Compliance
Become compliant, provide compliance services, or verify partner compliance with NIST SP 800-171 and CMMC Level 2 requirements.
HIPAA Compliance
Become compliant, provide compliance services, or verify partner compliance with HIPAA security rule requirements.
ISO 27001 Compliance
Become compliant, provide compliance services, or verify partner compliance with ISO 27001 requirements.
FAR 52.204-21 Compliance
Become compliant, provide compliance services, or verify partner compliance with FAR 52.204-21 Basic Safeguarding of Covered Contractor Information Systems requirements.