HRS

Human Resources Security

46 controls

Execute sound hiring practices and ongoing personnel management to cultivate a cybersecurity & data privacy-minded workforce.

| SCF # | Control Name | Weight | NIST CSF | Frameworks |
|---|---|---|---|---|
| HRS-01 | Human Resources Security Management | 10 — Critical | Govern | 118 |
| HRS-01.1 | Onboarding, Transferring & Offboarding Personnel | 9 — Critical | Govern | 12 |
| HRS-02 | Position Categorization | 8 — High | Identify | 69 |
| HRS-02.1 | Users With Elevated Privileges | 10 — Critical | Identify | 21 |
| HRS-02.2 | Probationary Periods | 1 — Low | Detect | 4 |
| HRS-03 | Defined Roles & Responsibilities | 10 — Critical | Identify | 98 |
| HRS-03.1 | User Awareness | 9 — Critical | Identify | 35 |
| HRS-03.2 | Competency Requirements for Security-Related Positions | 9 — Critical | Identify | 70 |
| HRS-04 | Personnel Screening | 10 — Critical | Identify | 86 |
| HRS-04.1 | Roles With Special Protection Measures | 9 — Critical | Identify | 50 |
| HRS-04.2 | Formal Indoctrination | 7 — High | Identify | 43 |
| HRS-04.3 | Citizenship Requirements | 5 — Medium | Identify | 5 |
| HRS-04.4 | Citizenship Identification | 3 — Low | Identify | 2 |
| HRS-05 | Terms of Employment | 10 — Critical | Identify | 67 |
| HRS-05.1 | Rules of Behavior | 10 — Critical | Identify | 101 |
| HRS-05.2 | Social Media & Social Networking Restrictions | 9 — Critical | Identify | 52 |
| HRS-05.3 | Technology Use Restrictions | 10 — Critical | Identify | 60 |
| HRS-05.4 | Use of Critical Technologies | 9 — Critical | Identify | 23 |
| HRS-05.5 | Use of Mobile Devices | 9 — Critical | Identify | 23 |
| HRS-05.6 | Security-Minded Dress Code | 1 — Low | Protect | 1 |
| HRS-05.7 | Policy Familiarization & Acknowledgement | 8 — High | Identify | 20 |
| HRS-06 | Access Agreements | 10 — Critical | Identify | 63 |
| HRS-06.1 | Confidentiality Agreements | 10 — Critical | Identify | 65 |
| HRS-06.2 | Post-Employment Requirements Awareness | 5 — Medium | Protect | 7 |
| HRS-07 | Personnel Sanctions | 9 — Critical | Respond | 64 |
| HRS-07.1 | Workplace Investigations | 8 — High | Respond | 17 |
| HRS-07.2 | Updating Disciplinary Processes | 3 — Low | Identify | 2 |
| HRS-07.3 | Preventative Access Restriction | 5 — Medium | Protect | 3 |
| HRS-08 | Personnel Transfer | 9 — Critical | Identify | 61 |
| HRS-09 | Personnel Termination | 9 — Critical | Protect | 70 |
| HRS-09.1 | Asset Collection | 9 — Critical | Protect | 14 |
| HRS-09.2 | High-Risk Terminations | 9 — Critical | Protect | 32 |
| HRS-09.3 | Post-Employment Requirements Notification | 8 — High | Protect | 11 |
| HRS-09.4 | Automated Employment Status Notifications | 5 — Medium | Protect | 15 |
| HRS-10 | Third-Party Personnel Security | 10 — Critical | Identify | 50 |
| HRS-11 | Separation of Duties (SoD) | 7 — High | Protect | 68 |
| HRS-12 | Incompatible Roles | 8 — High | Protect | 14 |
| HRS-12.1 | Two-Person Rule | 7 — High | Protect | 4 |
| HRS-13 | Identify Critical Skills & Gaps | 5 — Medium | Protect | 5 |
| HRS-13.1 | Remediate Identified Skills Deficiencies | 5 — Medium | Protect | 4 |
| HRS-13.2 | Identify Vital Cybersecurity & Data Privacy Staff | 5 — Medium | Protect | 5 |
| HRS-13.3 | Establish Redundancy for Vital Cybersecurity & Data Privacy Staff | 5 — Medium | Protect | 6 |
| HRS-13.4 | Perform Succession Planning | 5 — Medium | Protect | 7 |
| HRS-14 | Identifying Authorized Work Locations | 8 — High | Protect | 1 |
| HRS-14.1 | Communicating Authorized Work Locations | 8 — High | Protect | 1 |
| HRS-15 | Reporting Suspicious Activities | 7 — High | Protect | 4 |

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.
