PS-7: External Personnel Security

NIST Baseline: Low

It is the responsibility of the information resource owner, or designee, to:
- Establish and document personnel security requirements including security roles and responsibilities for third-party providers;
- Require third-party providers to comply with personnel security policies and procedures established by Tarleton State University (Tarleton);
- Require third-party providers to notify unit managers of any personnel transfers or terminations of third-party personnel who possess Tarleton credentials, or who have information resource privileges as soon as feasible; and
- Monitor provider compliance.