Personnel Security (PS-08-014)
Topics:
PS-08-014 Personnel Security
Issue Date: 3/20/2008
Review Date: 12/1/2023
PURPOSE
In support of the Department of Homeland Security initiatives to mitigate the risks of identity fraud, counterfeiting, and terrorist exploitation among personnel entrusted with physical and logical access to state government facilities and information resources, it is essential that the State establish a requirement for identification verification for all state personnel and engagement contractors.
Additionally, personnel security is essential to establishing a common baseline of trust between state agencies in support of statewide data sharing requirements.
SCOPE and AUTHORITY
O.C.G.A 50-25-4(a)(10) – State Government, Georgia Technology, General Powers
O.C.G.A 50-25-4(a)(21) - State Government, Georgia Technology, General Powers
PM-04-001 – Information Technology Policies, Standards and Guidelines
PS-08-005 – Enterprise Information Security Charter
TERMS and DEFINITIONS
Federal work authorization program - any of the electronic verification of work authorization programs operated by the US Department of Homeland Security (USDHS) or any equivalent federal work authorization program operated by the USDHS to verify information of newly hired employees.
POLICY
Each state agency shall:
- Verify the identity, employment eligibility and conduct background screenings for all state employees and engagement contractors through a Federal Work Authorization Program in accordance with O.C.G.A §§ 13-10-91 before granting access credentials to State of Georgia facilities or information resources not designated as public access resources.
- Ensure that individuals occupying positions of responsibility within organizations (including third-party service providers) meet established security and qualification criteria for those positions.
- Ensure that organizational information and information systems are protected during and after personnel actions such as terminations and/or transfers.
- Ensure that individuals are aware of all information security policies and procedures, their responsibilities and the consequences for failing to comply
- Employ formal sanctions for personnel failing to comply with security policies and procedures
RELATED ENTERPRISE POLICIES, STANDARDS, GUIDELINES
Personnel Identity Verification and Screening (SS-08-017)
Third-Party Security Requirements (SS-08-013)
REFERENCES
Rules of Georgia Department of Labor, Chapter 300-10-1 “Georgia Security and Immigration Compliance Act of 2006”
Federal Information Processing Standard (FIPS) 201-1: Personal Identity Verification of Federal Employees and Contractors (PIV-I) http://csrc.nist.gov/publications/fips/index.html