The IT Law Wiki


Control system[]

Personnel security

addresses security program roles and responsibilities implemented during all phases of staff employment, including staff recruitment and termination. The organization screens applicants for critical positions in the operation and maintenance of the control system. The organization trains personnel when they are hired and provides subsequent refresher training on their job tasks, responsibilities, and behavioral expectations concerning the security of the control system. The organization may consider implementing a confidentiality or nondisclosure agreement that employees and third-party users of control system facilities must sign before being granted access to the control system. The organization also documents and implements a process to secure resources and revoke access privileges when personnel terminate.[1]


Personnel security is

[a] security discipline that assesses the loyalty, reliability, and trustworthiness of individuals for initial and continued eligibility for access to classified information.[2]
[p]rocedures to ensure that persons who access a system have proper clearance, authorization, and need-to-know as required by the system's security policy.[3]
[t]he discipline of assessing the conduct, integrity, judgment, loyalty, reliability, and stability of individuals for duties and responsibilities requiring trustworthiness.[4]


"[P]ersonnel security lies at the very heart of our security system, and the trustworthiness of those who deal with sensitive and classified information must be ensured.[5]



  • NIST, Glossary for Computer Systems Security (Feb. 1976) (FIPS 39).

See also[]