Establish, implement, and maintain a role-based information access metrics program.
CONTROL ID 01668
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a metrics policy., CC ID: 01654
This Control has the following implementation support Control(s):
Report on the percentage of new hires who completed training ahead of being granted network access or system access., CC ID: 01683
Report on the percentage of personnel who have completed periodic Information Assurance refresher training., CC ID: 01684
Report on the percentage of user roles, systems, and applications that comply with the segregation of duties principle., CC ID: 01689
Report on the percentage of individuals whose access rights have been reviewed., CC ID: 01690
Report on the percentage of users who have access to restricted data or restricted information and have undergone a background check., CC ID: 01693
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
The organization must establish and maintain a role-based information access metrics standard. (ISPE9, CISWG Information Security Program Elements, 10-Jan-05)
Ensure all personnel associated directly with a critical DIB asset are vetted for employment suitability, reliability, and trustworthiness. This metric is measured based on DIB asset owner reporting. Compliance with the vetting process must be completed on an annual basis and is measured by complete… (§ 6.1.1 Table 6-2 Goal 2, Defense Industrial Base Information Assurance Standard)