Skip to content

Position of Trust - Training Covering Employee Standards of Conduct and Personal Responsibilities

An XCCDF Rule

Description

<VulnDiscussion>Failure to inform personnel of the expected standards of conduct while holding a position of trust can result in conduct by the individual that will require them being removed from that position or result in a person no longer meeting standards criteria continuing to hold a position of trust without proper vetting for suitability. REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraph 7.f. & 11. and Enclosure C, paragraph 4.e. & 5. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PS-1, PS-6, AT-1, AT-3 and PL-4. DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 1, Section 2, paragraph 1-205 and Chapter 3. DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), April 3, 2017, Paragraphs 9.2.,11.2.a. and 12.1. DoD 5200.2-R, Personnel Security Program, Chapter 2, paragraph C2.2., Chapter 9, paragraphs C9.1.4. & C9.2.3. (rescinded but provided for purpose of historical perspective/reference). DoD 5220.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter 1, Section 2, paragraph 1-205 and Chapter 3. DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), April 3, 2017, Paragraphs 9.2.,11.2.a. and 12.1.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-245854r822919_rule
Severity
Low
Updated



Remediation - Manual Procedure

General Information:  
The effectiveness of an individual in meeting security responsibilities is proportional to the degree to which the individual understands them. Thus, an integral part of the DoD security program is the indoctrination and continuous training of individuals on their security responsibilities.  

FIX:
Ensure that Standards of Conduct and Personal Responsibilities are covered in initial, annual refresher and termination training/briefings.