OpenShift Container Platform 3.x - Personnel Security

Control responses for NIST 800-53 rev4.


Requirements Traceability Matrix

Control Name Status
PS-1 Personnel Security Policy And Procedures

not applicable

PS-2 Position Risk Designation

not applicable

PS-3 Personnel Screening

not applicable

PS-3 (1) Classified Information

not applicable

PS-3 (2) Formal Indoctrination

not applicable

PS-3 (3) Information With Special Protection Measures

not applicable

PS-4 Personnel Termination

not applicable

PS-4 (1) Post-Employment Requirements

not applicable

PS-4 (2) Automated Notification

not applicable

PS-5 Personnel Transfer

not applicable

PS-6 Access Agreements

not applicable

PS-6 (1) Information Requiring Special Protection
PS-6 (2) Classified Information Requiring Special Protection

not applicable

PS-6 (3) Post-Employment Requirements

not applicable

PS-7 Third-Party Personnel Security

not applicable

PS-8 Personnel Sanctions

not applicable




PS-1: Personnel Security Policy And Procedures

The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A personnel security policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the personnel security policy and associated personnel security controls; and b. Reviews and updates the current: 1. Personnel security policy [Assignment: organization-defined frequency]; and 2. Personnel security procedures [Assignment: organization-defined frequency].

PS-1 Control Response Information
Implementation Status:

not applicable

PS-1: What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




PS-2: Position Risk Designation

The organization: a. Assigns a risk designation to all organizational positions; b. Establishes screening criteria for individuals filling those positions; and c. Reviews and updates position risk designations [Assignment: organization-defined frequency].

PS-2 Control Response Information
Implementation Status:

not applicable

PS-2: What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




PS-3: Personnel Screening

The organization: a. Screens individuals prior to authorizing access to the information system; and b. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening].

PS-3 Control Response Information
Implementation Status:

not applicable

PS-3: What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




PS-3 (1): Classified Information

“The organization ensures that individuals accessing an information system processing, storing, or transmitting classified information are cleared and indoctrinated to the highest classification level of the information to which they have access on the system.”

PS-3 (1) Control Response Information
Implementation Status:

not applicable

PS-3 (1): What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




PS-3 (2): Formal Indoctrination

“The organization ensures that individuals accessing an information system processing, storing, or transmitting types of classified information which require formal indoctrination, are formally indoctrinated for all of the relevant types of information to which they have access on the system.”

PS-3 (2) Control Response Information
Implementation Status:

not applicable

PS-3 (2): What is the solution and how is it implemented?

‘This control reflects organizational procedures/policies, and is not applicable to the configuration of OpenShift.’




PS-3 (3): Information With Special Protection Measures

The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection: (3)(a). Have valid access authorizations that are demonstrated by assigned official government duties; and (3)(b). Satisfy [Assignment: organization-defined additional personnel screening criteria].

PS-3 (3) Control Response Information
Implementation Status: