home || catalog: SP800-53rev3 / class: Operational / family: (PS) Personnel Security ||
search controls:
search nistpubs:

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS

PS-01
PS-02
PS-03
PS-04
PS-05
PS-06
PS-07 *
PS-08

RA
SA
SC
SI
MMMMM

  PS-07: Third-Party Personnel Security  

base control objective:
The organization:
a. Establishes personnel security requirements including security roles and responsibilities for third-party providers;
b. Documents personnel security requirements; and
c. Monitors provider compliance.

supplemental objective information:
Third-party providers include, for example, service bureaus, contractors, and other organizations providing information system development, information technology services, outsourced applications, and network and security management. The organization explicitly includes personnel security requirements in acquisition-related documents.

enhancements to the base objective:

(1) None.

mapping to FIPS199 baseline:

  LOW: base     MOD: base     HIGH: base  

related (regimented) controls:

None.

documents referenced in SP800-53rev3 for PS-07:

Document Date Status Title
NIST SP800-35 October, 2003 current   Guide to Information Technology Security Services

Search SP800-53rev3 catalog: