Description
The organization assigns a risk designation to all positions and establishes screening criteria for individuals filling those positions. The organization reviews and revises position risk designations [Assignment: organization-defined frequency].
Supplemental Guidance
Position risk designations are consistent with 5 CFR 731.106(a) and Office of Personnel Management policy and guidance.
Enhancements
(0) None.
Compliance Mappings
ISO 27001:2022
7.2, 7.2(a), 7.2(b), 7.2(c), 7.2(d)
COBIT 2019
APO01.08
NIST CSF 2.0
GV.RR-02, PR.AA-05
SOC 2 TSC
CC1.2, CC1.2-POF1, CC1.2-POF2, CC1.2-POF3, CC1.2-POF4, CC1.3, CC1.4-POF2, CC1.4-POF6, CC1.5, CC5.3, CC5.3-POF5
ISO 17799 (legacy)
8.1.2
COBIT 4.1 (legacy)
PO4.13, PO7.3