Description
The organization assigns a risk designation to all positions and establishes screening criteria for individuals filling those positions. The organization reviews and revises position risk designations [Assignment: organization-defined frequency].
Supplemental Guidance
Position risk designations are consistent with 5 CFR 731.106(a) and Office of Personnel Management policy and guidance.
Enhancements
(0) None.
Compliance Mappings
ISO 27002:2022
5.2
COBIT 2019
APO07
NIST CSF 2.0
GV.RR-02, GV.RR-04
SOC 2 TSC
CC1.2, CC1.2-POF1, CC1.3, CC1.4-POF2, CC1.5, CC5.3
ISO 42001:2023
A.3.2
NIS2 Directive
Art. 21(2)(i)
PRA Operational Resilience
SS1/21-5.1, SS2/21-17.1
APRA CPS 234
Para 18
BSI IT-Grundschutz
ORP.2
ANSSI
Hygiene.15, Hygiene.7, SecNumCloud.8.1
FINMA Circular 2023/1
IV.B.a(48), IV.B.c(54)
OSFI B-13
B-13.1.1
EU GDPR
Art.32(4)
EU DORA
Art.5(4)
BIO2
5.2
RBI CSF
Annex1.8
FISC Security Guidelines
FISC.O8
LGPD + BCB 4893
LGPD.Art.47
DNB Good Practice
DNB.7.1, DNB.8.1, DNB.8.3
SAMA CSF
1.51.7
NCA ECC
1-9
UAE IA
T5
Qatar NIA
HR
CBE CSF
CD-1, GOV-2
SA JS2
JS2-8.6
CBN CSF
Part1.2, Part9
BoG CISD
CISD-XV
BoM CTRM
1.23.8
IOSCO Cyber Resilience
GOV-4
BCBS 239
Principle 1
CPMI-IOSCO PFMI
CG.GOV
FFIEC IS
I.B, II.C.7, II.C.7(a), II.C.7(c)
NYDFS 500
500.10
HIPAA Security Rule
§164.308(a)(3)(i), §164.308(a)(3)(ii)(A), §164.308(a)(3)(ii)(B)
ECB CROE
CROE.2.1.2, CROE.2.3.2
SEBI CSCRF
GV.RR
BOT Cyber Resilience
Ch7.2
CMMC 2.0
PS
NERC CIP
CIP-004-7
10 CFR 73.54
RG5.71-C-PS
DOE C2M2 v2.1
WORKFORCE
API 1164
Sec 13
AWIA
AWWA Sec 8
IAEA NSS 17-T
Sec 9
PCI HSM
1
ISAE 3402
Clause 9
Solvency II
Art.42
NAIC Insurance Data Security
4-personnel
PRA SS1/23
P2.2, P2.4
FCA SYSC 13
SYSC 13.6.1, SYSC 13.6.2, SYSC 13.6.4
HITRUST CSF v11
02.a
FDA 21 CFR Part 11
§11.10(i)
ISO 27799
6.27.1
MiCA
Art.34(1), Art.54(1)
Basel SCO60
SCO60.60
BSSC Standards
GSP-04
ISO 17799 (legacy)
8.1.2
COBIT 4.1 (legacy)
PO4.13, PO7.3