PS-2: POSITION RISK DESIGNATION

TAILORED FOR INDUSTRIAL CONTROL SYSTEMS

ICS Control Baselines:
Low
Moderate
High

The organization:

a. Assigns a risk designation to all organizational positions;

b. Establishes screening criteria for individuals filling those positions; and

c. Reviews and updates position risk designations [Assignment: organization-defined frequency].

SUPPLEMENTAL GUIDANCE

Position risk designations reflect Office of Personnel Management policy and guidance. Risk designations can guide and inform the types of authorizations individuals receive when accessing organizational information and information systems. Position screening criteria include explicit information security role appointment requirements (e.g., training, security clearances).

ICS SUPPLEMENTAL GUIDANCE

No ICS Supplemental Guidance.

AT-3 — AWARENESS AND TRAINING SECURITY | ROLE-BASED SECURITY TRAINING

CONTROL ENHANCEMENTS

NO CONTROL ENHANCEMENTS

REFERENCES:

NIST Special Publication 800-82
5 C.F.R. 731.106