PS-9 Position Descriptions

LI-SaaS
Low
Moderate
High

Control Description

Incorporate security and privacy roles and responsibilities into organizational position descriptions.

FedRAMP Baseline Requirements

No FedRAMP-specific parameter values or requirements for this baseline.

Discussion

Specification of security and privacy roles in individual organizational position descriptions facilitates clarity in understanding the security or privacy responsibilities associated with the roles and the role-based security and privacy training requirements for the roles.

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies govern the protection of organizational information accessed by personnel during and after employment?
  • How does the organization define and communicate information protection requirements during termination?
  • Who is responsible for ensuring personnel understand post-employment information protection obligations?
  • What process exists for obtaining commitments from departing personnel regarding continued protection of information?
  • What governance exists for enforcing post-employment information protection requirements?

Technical Implementation:

  • What systems track post-employment information protection obligations?
  • How are departing personnel commitments captured and stored?
  • What technical controls enforce information protection during off-boarding?

Evidence & Documentation:

  • Provide information protection policies applicable during and after employment.
  • Provide non-disclosure agreements or similar commitments from personnel.
  • Provide exit interview records addressing information protection obligations.
  • Provide evidence of departing personnel acknowledgment of ongoing obligations.
  • Provide documentation of post-employment information protection enforcement.
