Personnel Security¶
External Personnel Security¶
PS-07
NIST SP 800-53 Revision 5.2.0
- Official NIST control ID:
PS-07 - Catalog version: 5.2.0
- OSCAL version: 1.2.2
- Catalog last modified: May 11, 2026
- a. Establish personnel security requirements, including security roles and responsibilities for external providers;
- b. Require external providers to comply with personnel security policies and procedures established by the organization;
- c. Document personnel security requirements;
- d. Require external providers to notify [Assignment: organization-defined personnel or roles] of any personnel transfers or terminations of external personnel who possess organizational credentials and/or badges, or who have system privileges within [Assignment: organization-defined time period]; and
- e. Monitor provider compliance with personnel security requirements.
FedRAMP Guidance
CSPs MUST clearly document any nationality requirements for any account type within its platform. If none exists, this must also be explicitly stated.