Position of Trust - Knowledge of Responsibility to Self Report Derogatory Information

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32336	PE-01.03.01	SV-42673r3_rule		Low

Description
Failure to inform personnel of the expected standards of conduct while holding a position of trust and their responsibility to self-report derogatory information to the organization security manager can result in conduct by the individual that will require them being removed from that position REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraph 7.f. and Enclosure C, paragraph 4.e. and 5. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PS-1, PS-6, AT-1, AT-3 and PL-4. DoD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter paragraphs 3-107.d. and 3-108. DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), April 3, 2017, Paragraphs 7.4. ADJUDICATIVE GUIDELINES, 9.2., 11.2. a. (1), (2), (3) and b. 12.1. White House Memorandum and Intelligence Community Policy Guidance 704.2, December 29, 2005, Subject: Adjudicative Guidelines DoD 5200.2-R, Personnel Security Program, Chapter 9, paragraph C9.1.4 - Individual Responsibility (rescinded but provided for purpose of historical reference).

Description

Failure to inform personnel of the expected standards of conduct while holding a position of trust and their responsibility to self-report derogatory information to the organization security manager can result in conduct by the individual that will require them being removed from that position REFERENCES: CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND); Enclosure A, paragraph 7.f. and Enclosure C, paragraph 4.e. and 5. NIST Special Publication 800-53 (SP 800-53), Rev 4, Controls: PS-1, PS-6, AT-1, AT-3 and PL-4. DoD 5200.22-M (NISPOM), Incorporating Change 2, 18 May 2016, Chapter paragraphs 3-107.d. and 3-108. DoD Manual 5200.02, Procedures for the DoD Personnel Security Program (PSP), April 3, 2017, Paragraphs 7.4. ADJUDICATIVE GUIDELINES, 9.2., 11.2. a. (1), (2), (3) and b. 12.1. White House Memorandum and Intelligence Community Policy Guidance 704.2, December 29, 2005, Subject: Adjudicative Guidelines DoD 5200.2-R, Personnel Security Program, Chapter 9, paragraph C9.1.4 - Individual Responsibility (rescinded but provided for purpose of historical reference).

STIG	Date
Traditional Security Checklist	2020-08-26

Details

Check Text ( C-40788r8_chk )
Check to ensure that Individuals are familiar with pertinent personnel security regulations, such as DoD 5200.2-R and are aware of standards of conduct required of persons holding positions of trust, including (and especially) the requirement to report derogatory information to their local security manager. This check can be validated by: 1. Checking organizational personnel security initial and annual refresher training records to ensure that the topic of standards of conduct for individuals holding a security clearance and each individual’s responsibility to self- report derogatory information to their security manager are covered. 2. Conducting a general survey of multiple employees to determine if they understand the standards of conduct and their responsibility to self-report. The results should be based on a compilation of survey results rather than a single instance of an employee who is not familiar with personal responsibilities (standards and self-reporting). TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments AND is applicable to a field/mobile environment.

Check Text ( C-40788r8_chk )

Check to ensure that Individuals are familiar with pertinent personnel security regulations, such as DoD 5200.2-R and are aware of standards of conduct required of persons holding positions of trust, including (and especially) the requirement to report derogatory information to their local security manager.

This check can be validated by:

1. Checking organizational personnel security initial and annual refresher training records to ensure that the topic of standards of conduct for individuals holding a security clearance and each individual’s responsibility to self- report derogatory information to their security manager are covered.

2. Conducting a general survey of multiple employees to determine if they understand the standards of conduct and their responsibility to self-report.

The results should be based on a compilation of survey results rather than a single instance of an employee who is not familiar with personal responsibilities (standards and self-reporting).

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments AND is applicable to a field/mobile environment.

Fix Text (F-36252r5_fix)
Ensure that Individuals are familiar with pertinent personnel security regulations, such as DoD 5200.2-R and are aware of standards of conduct required of persons holding positions of trust, including (and especially) the requirement to report derogatory information to their local security manager. Compliance can be validated by: 1. Ensuring that organizational personnel security initial and annual refresher training records include the topic of standards of conduct for individuals holding a security clearance in addition to covering each individual’s responsibility to self-report derogatory information to their security manager. 2. Conducting a general survey of multiple employees to ascertain their familiarity with personal responsibilities while holding a security clearance.

Fix Text (F-36252r5_fix)

Ensure that Individuals are familiar with pertinent personnel security regulations, such as DoD 5200.2-R and are aware of standards of conduct required of persons holding positions of trust, including (and especially) the requirement to report derogatory information to their local security manager.

Compliance can be validated by:

1. Ensuring that organizational personnel security initial and annual refresher training records include the topic of standards of conduct for individuals holding a security clearance in addition to covering each individual’s responsibility to self-report derogatory information to their security manager.

2. Conducting a general survey of multiple employees to ascertain their familiarity with personal responsibilities while holding a security clearance.