PS.L2-3.9.1 Screen Individuals
Screen individuals prior to authorizing access to organizational systems containing CUI.
Source: NIST SP 800-171 Rev 2 3.9.1
Discussion: Personnel security screening (vetting) activities involve the evaluation/assessment of an individual’s conduct, integrity, judgment, loyalty, reliability, and stability (i.e., the trustworthiness of the individual) prior to authorizing access to organizational systems containing CUI. The screening activities reflect applicable federal laws, Executive Orders, directives, policies, regulations, and specific criteria established for the level of access required for assigned positions.
Assessment Objectives:
Determine if:
- [a] individuals are screened prior to authorizing access to organizational systems containing CUI.
Examine: [SELECT FROM: Personnel security policy; procedures addressing personnel screening; records of screened personnel; security plan; other relevant documents or records].
Interview: [SELECT FROM: Personnel with personnel security responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for personnel screening].
SPRS Score: 3
POA&M Allowed: No