home || catalog: SP800-53rev3 / class: Operational / family: (PS) Personnel Security ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS

PS-01
PS-02
PS-03
PS-04
PS-05
PS-06 *
PS-07
PS-08

RA
SA
SC
SI
MMMMM

  PS-06: Access Agreements  

base control objective:
The organization:
a. Ensures that individuals requiring access to organizational information and information systems sign appropriate access agreements prior to being granted access; and
b. Reviews/updates the access agreements [Assignment: organization-defined frequency].

supplemental objective information:
Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with the information system to which access is authorized. Electronic signatures are acceptable for use in acknowledging access agreements unless specifically prohibited by organizational policy.

enhancements to the base objective:

(1) The organization ensures that access to information with special protection measures is granted only to individuals who:
(a) Have a valid access authorization that is demonstrated by assigned official government duties; and
(b) Satisfy associated personnel security criteria.
Enhancement Supplemental Guidance: Information with special protection measures includes, for example, privacy information, proprietary information, and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.

(2) The organization ensures that access to classified, national security information with special protection measures is granted only to individuals who:
(a) Have a valid access authorization that is demonstrated by assigned official government duties;
(b) Satisfy associated personnel security criteria consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance; and
(c) Have read, understand, and signed a non-disclosure agreement.
Enhancement Supplemental Guidance: Examples of special protection measures include, for example, collateral, Special Access Program (SAP) and Sensitive Compartmented Information (SCI).

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

PL-04   Rules of Behavior

documents referenced in SP800-53rev3 for PS-06:

None.

Document Date Status Title

Search SP800-53rev3 catalog: