PS.L2-3.9.1

  • Requirement

    Screen individuals prior to authorizing access to organizational systems containing CUI.

  • Discussion

    Personnel security screening (vetting) activities involve the evaluation/assessment of individualā€™s conduct, integrity, judgment, loyalty, reliability, and stability (i.e., the trustworthiness of the individual) prior to authorizing access to organizational systems containing CUI. The screening activities reflect applicable federal laws, Executive Orders, directives, policies, regulations, and specific criteria established for the level of access required for assigned positions.

More Info

  • Title

    Screen Individuals
  • Domain

    Personnel Security
  • CMMC Level

    2
  • Related NIST 800-171 ID

  • Related NIST 800-53 ID

    PS-3;PS-4;PS-5

  • DoD Scoring Methodology Points

    3

  • Reference Documents

    • N/A

  • Further Discussion

    Ensure all employees who need access to CUI undergo organization-defined screening before being granted access. Base the types of screening on the requirements for a given position and role.

    The effective screening of personnel provided by this requirement, PS.L2-3.9.1, improves upon the effectiveness of authentication performed in IA.L2-3.5.2.

    Example

    You are in charge of security at your organization. You complete standard criminal background and credit checks of all individuals you hire before they can access CUI [a]. Your screening program follows appropriate laws, policies, regulations, and criteria for the level of access required for each position.

    Potential Assessment Considerations

    • Are appropriate background checks completed prior granting access to organizational systems containing CUI [a]?

NIST 800-171A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!