PS-6

PS-6 ACCESS AGREEMENTS

Overview

Number	Title	Impact	Priority	Subject Area
PS-6	Access Agreements	LOW	P3	Personnel Security

Instructions
The organization: PS-6a. Develops and documents access agreements for organizational information systems; PS-6b. Reviews and updates the access agreements Assignment: organization-defined frequency; and PS-6c. Ensures that individuals requiring access to organizational information and information systems: PS-6c.1. Sign appropriate access agreements prior to being granted access; and PS-6c.2. Re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or Assignment: organization-defined frequency.

Instructions

The organization:

PS-6a.

Develops and documents access agreements for organizational information systems;

PS-6b.

Reviews and updates the access agreements Assignment: organization-defined frequency; and

PS-6c.

Ensures that individuals requiring access to organizational information and information systems:

PS-6c.1.

Sign appropriate access agreements prior to being granted access; and

PS-6c.2.

Re-sign access agreements to maintain access to organizational information systems when access agreements have been updated or Assignment: organization-defined frequency.

Guidance
Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational information systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy.

Guidance

Access agreements include, for example, nondisclosure agreements, acceptable use agreements, rules of behavior, and conflict-of-interest agreements. Signed access agreements include an acknowledgement that individuals have read, understand, and agree to abide by the constraints associated with organizational information systems to which access is authorized. Organizations can use electronic signatures to acknowledge access agreements unless specifically prohibited by organizational policy.

Enhancements

PS-6 (1) Information Requiring Special Protection

Withdrawn: Incorporated into PS-3.

PS-6 (2) Classified Information Requiring Special Protection

Classified information requiring special protection includes, for example, collateral information, Special Access Program (SAP) information, and Sensitive Compartmented Information (SCI). Personnel security criteria reflect applicable federal laws, Executive Orders, directives, regulations, policies, standards, and guidance.

The organization ensures that access to classified information requiring special protection is granted only to individuals who:

PS-6 (2)(a)

Have a valid access authorization that is demonstrated by assigned official government duties;

PS-6 (2)(b)

Satisfy associated personnel security criteria; and

PS-6 (2)(c)

Have read, understood, and signed a nondisclosure agreement.

PS-6 (3) Post-Employment Requirements

Organizations consult with the Office of the General Counsel regarding matters of post-employment requirements on terminated individuals.

The organization:

PS-6 (3)(a)

Notifies individuals of applicable, legally binding post-employment requirements for protection of organizational information; and

PS-6 (3)(b)

Requires individuals to sign an acknowledgment of these requirements, if applicable, as part of granting initial access to covered information.