3.9.1

Requirement

a. Screen individuals prior to authorizing access to the system.
b. Rescreen individuals in accordance with [Assignment: organization-defined conditions requiring rescreening].

Discussion

Personnel security screening activities involve the assessment of the conduct, integrity, judgment, loyalty, reliability, and stability of an individual (i.e., the individual’s trustworthiness) prior to authorizing access to the system or when elevating system access. The screening and rescreening activities reflect applicable federal laws, Executive Orders, directives, policies, regulations, and criteria established for the level of access required for the assigned position.

NIST 800-171A r3 Assessment Guidance

Examine

[SELECT FROM: personnel security policy and procedures; procedures for personnel screening and rescreening; records of screened personnel; system security plan; other relevant documents or records]
Interview

[SELECT FROM: processes for personnel screening and rescreening]
Test

[SELECT FROM: personnel with personnel security responsibilities; personnel with information security responsibilities]

ID	Assessment Objectives
A.03.09.01.a	individuals are screened prior to authorizing access to the system.
A.03.09.01.b	individuals are rescreened in accordance with the following conditions: .
A.03.09.01.ODP[01]	conditions that require the rescreening of individuals are defined.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!