Organizational Control: Position Risk Designation

Control ID: PS-2 Position Risk Designation Family: Personnel Security Source: NIST 800-53r4
Control: The organization:
  1. Assigns a risk designation to all organizational positions;
  2. Establishes screening criteria for individuals filling those positions; and
  3. Reviews and updates position risk designations [Assignment: organization-defined frequency].
Supplemental Guidance:
Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances).

Related Controls: AT-3, PL-2, PS-3
Control Enhancements: N/A
References: 5 C.F.R. 731.106.
Mechanisms:
Protocol Implementation Conformance Statements: N/A