Reference: CMMC v2.13
Family: PS
Level Introduced: 2
Title: Screen Individuals
Practice:
Screen individuals prior to authorizing access to organizational systems containing CUI.
Further Discussion:
Ensure all employees who need access to CUI undergo organization-defined screening before being granted access. Base the types of screening on the requirements for a given position and role.
The effective screening of personnel provided by this requirement, PS.L2-3.9.1, improves upon the effectiveness of authentication performed in IA.L2-3.5.2.
Example
You are in charge of security at your organization. You complete standard criminal background and credit checks of all individuals you hire before they can access CUI [a]. Your screening program follows appropriate laws, policies, regulations, and criteria for the level of access required for each position.
Potential Assessment Considerations
• Are appropriate background checks completed prior granting access to organizational systems containing CUI [a]?
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
800-171 Requirements v2 (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.