CMMC v2.13 Practices

PS.L2-3.9.1  

Reference: CMMC v2.13

Family: PS

Level Introduced: 2

Title: Screen Individuals

Practice:
Screen individuals prior to authorizing access to organizational systems containing CUI.

Further Discussion:
Ensure all employees who need access to CUI undergo organization-defined screening before being granted access. Base the types of screening on the requirements for a given position and role.

The effective screening of personnel provided by this requirement, PS.L2-3.9.1, improves upon the effectiveness of authentication performed in IA.L2-3.5.2.

Example
You are in charge of security at your organization. You complete standard criminal background and credit checks of all individuals you hire before they can access CUI [a]. Your screening program follows appropriate laws, policies, regulations, and criteria for the level of access required for each position.

Potential Assessment Considerations
• Are appropriate background checks completed prior granting access to organizational systems containing CUI [a]?

This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.

This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.

Source: CMMC v2.13