Red Hat Virtualization Manager - Personnel Security
Control responses for NIST 800-53 rev4.
Requirements Traceability Matrix
| Control | Name | Status |
|---|---|---|
| PS-1 | Personnel Security Policy And Procedures |
not applicable |
| PS-2 | Position Risk Designation |
not applicable |
| PS-3 | Personnel Screening |
not applicable |
| PS-3 (1) | Classified Information |
unknown |
| PS-3 (2) | Formal Indoctrination |
unknown |
| PS-3 (3) | Information With Special Protection Measures |
unknown |
| PS-4 | Personnel Termination |
not applicable |
| PS-4 (1) | Post-Employment Requirements |
unknown |
| PS-4 (2) | Automated Notification |
unknown |
| PS-5 | Personnel Transfer |
not applicable |
| PS-6 | Access Agreements |
not applicable |
| PS-6 (1) | Information Requiring Special Protection |
unknown |
| PS-6 (2) | Classified Information Requiring Special Protection |
unknown |
| PS-6 (3) | Post-Employment Requirements |
unknown |
| PS-7 | Third-Party Personnel Security |
not applicable |
| PS-8 | Personnel Sanctions |
not applicable |
PS-1: Personnel Security Policy And Procedures
The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A personnel security policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and 2. Procedures to facilitate the implementation of the personnel security policy and associated personnel security controls; and b. Reviews and updates the current: 1. Personnel security policy [Assignment: organization-defined frequency]; and 2. Personnel security procedures [Assignment: organization-defined frequency].
|
|
|---|
|
Implementation Status:
not applicable |
| PS-1: What is the solution and how is it implemented? |
|---|
PS-2: Position Risk Designation
The organization: a. Assigns a risk designation to all organizational positions; b. Establishes screening criteria for individuals filling those positions; and c. Reviews and updates position risk designations [Assignment: organization-defined frequency].
|
|
|---|
|
Implementation Status:
not applicable |
| PS-2: What is the solution and how is it implemented? |
|---|
PS-3: Personnel Screening
The organization: a. Screens individuals prior to authorizing access to the information system; and b. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening].
|
|
|---|
|
Implementation Status:
not applicable |
| PS-3: What is the solution and how is it implemented? |
|---|
PS-3 (1): Classified Information
“The organization ensures that individuals accessing an information system processing, storing, or transmitting classified information are cleared and indoctrinated to the highest classification level of the information to which they have access on the system.”
|
|
|---|
|
Implementation Status:
unknown |
| PS-3 (1): What is the solution and how is it implemented? |
|---|
| This control has not been evaluated in the context of Red Hat Virtualization Manager. |
PS-3 (2): Formal Indoctrination
“The organization ensures that individuals accessing an information system processing, storing, or transmitting types of classified information which require formal indoctrination, are formally indoctrinated for all of the relevant types of information to which they have access on the system.”
|
|
|---|
|
Implementation Status:
unknown |
| PS-3 (2): What is the solution and how is it implemented? |
|---|
| This control has not been evaluated in the context of Red Hat Virtualization Manager. |
PS-3 (3): Information With Special Protection Measures
The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection: (3)(a). Have valid access authorizations that are demonstrated by assigned official government duties; and (3)(b). Satisfy [Assignment: organization-defined additional personnel screening criteria].
|
|
|---|
|
Implementation Status:
unknown |
| PS-3 (3): What is the solution and how is it implemented? |
|---|
| This control has not been evaluated in the context of Red Hat Virtualization Manager. |
PS-4: Personnel Termination
The organization, upon termination of individual employment: a. Disables information system access within [Assignment: organization-defined time period]; b. Terminates/revokes any authenticators/credentials associated with the individual; c. Conducts exit interviews that include a discussion of [Assignment: organization-defined information security topics]; d. Retrieves all security-related organizational information system-related property; e. Retains access to organizational information and information systems formerly controlled by terminated individual; and f. Notifies [Assignment: organization-defined personnel or roles] within [Assignment: organization-defined time period].
|
|
|---|
| Implementation Status: |