Establishes personnel security requirements including security roles and responsibilities for third-party providers;
Requires third-party providers to comply with personnel security policies and procedures established by the organization;
Documents personnel security requirements;
Requires third-party providers to notify [Assignment: organization-defined personnel or roles] of any personnel transfers or terminations of third-party personnel who possess organizational credentials and/or badges, or who have information system privileges within [Assignment: organization-defined time period]; and
Monitors provider compliance.