Position of Trust - Local Policy Covering Employee Personal Standards of Conduct and Responsibilities
An XCCDF Rule
Description
Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by the individual that will require their removal from that position and/or result in an untrustworthy person continuing in a position of trust without proper vetting of new derogatory information.

REFERENCES:
- CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraph 7.f. and Enclosure C, paragraph 4.e. and 5.
- NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PS-1, PS-6, AT-1, AT-3 and PL-4.
- DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter paragraphs 3-107.d. and 3-108.
- DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), April 3, 2017, Paragraphs 7.4. ADJUDICATIVE GUIDELINES, 9.2., 11.2. a. (1), (2), (3) and b. 12.1.
- White House Memorandum and Intelligence Community Policy Guidance 704.2, December 29, 2005, Subject: Adjudicative Guidelines
- DoD 5200.2-R, Personnel Security Program, Chapter 9, paragraph C9.1.2 - Management Responsibility (rescinded but provided for purpose of historical perspective/reference).

Documentable: false
- ID
- SV-245853r822918_rule
- Severity
- Low
- Updated
Remediation - Manual Procedure
Ensure that a local policy exists and is readily available to employees that informs them about pertinent security regulations and standards of conduct required of persons holding positions of trust, including (and especially) the requirement to report derogatory information to their local security manager.
SOPs should be readily available to all employees in a common reading library or, more efficiently, accessible online in a common file or on the organization intranet.