03.09.01: Personnel Screening

Control Family: Personnel Security

SPRS: N/A

Top Ten Failed Requirement: N/A

Supporting Publications:

  • SP 800-181 [34]

Referenced in: N/A

Control Type: N/A

CPCSC Level 2: 03.09.01

CMMC Level(s): N/A

Derived From: NIST SP 800-53r5

  • PS-03

a. Screen individuals prior to authorizing access to the system.

b. Rescreen individuals in accordance with [Assignment: organization-defined conditions requiring rescreening].

Discussion:

Personnel security screening activities involve the assessment of the conduct, integrity, judgment, loyalty, reliability, and stability of an individual (i.e., the individual’s trustworthiness) prior to authorizing access to the system or when elevating system access. The screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, policies, regulations, and criteria established for the level of access required for the assigned position.

Assessment Methods and Objectives

Examine [SELECT FROM: personnel security policy and procedures; procedures for personnel screening and rescreening; records of screened personnel; system security plan; other relevant documents or records]

Interview [SELECT FROM: personnel with personnel security responsibilities; personnel with information security responsibilities]

Test [SELECT FROM: processes for personnel screening and rescreening]

NIST SP 800-171A r3 Determining Statements

Determine if:

A.03.09.01.ODP[01]: conditions that require the rescreening of individuals are defined.

A.03.09.01.a: individuals are screened prior to authorizing access to the system.

A.03.09.01.b: individuals are rescreened in accordance with the following conditions: <A.03.09.01.ODP[01]: conditions>.