CMMC 2.13
CMMC · Rev 2.132FAMILY PS
PS.L2-3.9.1
Screen Individuals
Requirement
Screen individuals prior to authorizing access to organizational systems containing CUI.
Further discussion
Ensure all employees who need access to CUI undergo organization-defined screening before being granted access. Base the types of screening on the requirements for a given position and role.
The effective screening of personnel provided by this requirement, PS.L2-3.9.1, improves upon the effectiveness of authentication performed in IA.L2-3.5.2.
Example
You are in charge of security at your organization. You complete standard criminal background and credit checks of all individuals you hire before they can access CUI [a]. Your screening program follows appropriate laws, policies, regulations, and criteria for the level of access required for each position.
Potential Assessment Considerations
• Are appropriate background checks completed prior granting access to organizational systems containing CUI [a]?
Supporting controls
NIST 800-171 · Rev 21 mapped
Create a free account or log in to view the cross-referenced controls.
Implementation strategies
10 recommended strategies for this practice.
Create a free account or log in to view the implementation strategies.
Source: DoD CIO · https://dodcio.defense.gov/CMMC/