
Axiotrop Blog

Understanding Personnel Security in NIST SP 800-171r2


When it comes to protecting sensitive information, NIST SP 800-171r2 requires you to provide security around the people accessing your systems and data. The key is to ensure those people are trustworthy and have a lawful government purpose to do so. Here's a suggestion for handling new hires.

 1. Background Checks 

The first step is to have a process for background checks. This isn’t just a box to tick; it’s about making sure someone can be trusted with important information. A background check can reveal potential concerns, such as past criminal activity, financial problems, or other issues that might pose a risk. However, a “red flag” in a potential new hire’s background check is not necessarily an automatic disqualifier.

 2. Questionnaire for Red Flags 

If a background check shows any issues, you need to define which situations are non-starters for you. For instance, if the person was convicted of treason against the US government, you could probably stop the evaluation process.

However, other situations may be tolerable for you if you can establish that the candidate is trustworthy. In these cases, the next step is to use a formal questionnaire to look deeper into the person’s trustworthiness. Develop a questionnaire that helps you better understand the details of the red flag and whether you can trust the candidate.

  • Details of the Red Flag: What exactly came up in the background check? 

  • Circumstances and Timing: What happened when the issue occurred? Was it a recent problem or something from a long time ago? 

  • Type of Issue: Did the issue involve financial crimes, treason, or something else that could affect the organization’s security? 

By looking at these factors, you can decide whether someone is a risk or can be trusted to work with your sensitive information. Be sure to apply the background check and questionnaire consistently for all new hires.

Why It Matters 

Personnel security isn’t just about following rules; it’s also about keeping your organization safe from potential threats. By securing your personnel, you’re one step closer to meeting the NIST SP 800-171r2 requirements and helping to create a more secure workplace.

Schedule a free 15-minute consultation with our cybersecurity experts to answer your questions about NIST SP 800-171r2 and how it affects your security practices.  



AXIOTROP’s mission is to make cybersecurity accessible, attainable, and sustainable for small and medium-sized businesses so they remain competitive and poised for growth. We simplify cybersecurity by working closely with businesses to right-size their program for their needs, resulting in client retention, business expansion, and reduced risk. 


