Skip to content
CMMC 2.13
CMMC · Rev 2.132FAMILY PS

PS.L2-3.9.1

Screen Individuals

Requirement

Screen individuals prior to authorizing access to organizational systems containing CUI.

Further discussion

Ensure all employees who need access to CUI undergo organization-defined screening before being granted access. Base the types of screening on the requirements for a given position and role. The effective screening of personnel provided by this requirement, PS.L2-3.9.1, improves upon the effectiveness of authentication performed in IA.L2-3.5.2. Example You are in charge of security at your organization. You complete standard criminal background and credit checks of all individuals you hire before they can access CUI [a]. Your screening program follows appropriate laws, policies, regulations, and criteria for the level of access required for each position. Potential Assessment Considerations • Are appropriate background checks completed prior granting access to organizational systems containing CUI [a]?

Supporting controls

NIST 800-171 · Rev 21 mapped

Create a free account or log in to view the cross-referenced controls.

Implementation strategies

10 recommended strategies for this practice.

Create a free account or log in to view the implementation strategies.

Source: DoD CIO · https://dodcio.defense.gov/CMMC/