Overview:
Screen individuals prior to authorizing access to information systems containing CUI.
Action Items:
3.9.1[a]
Determine if: if individuals are screened prior to authorizing access to organizational systems containing CUI.
POTENTIAL ASSESSMENT METHODS AND OBJECTS
1
Examine: Personnel security policy; procedures addressing personnel screening; records of screened personnel; system security plan; other relevant documents or records].
2
Interview: Personnel with personnel security responsibilities; personnel with information security responsibilities].
3
Test: Organizational processes for personnel screening].
Related Documents (document name and content will vary by organization):
1) Personnel security policy
2) procedures addressing personnel screening
3) records of screened personnel
4) system security plan
5) other relevant documents or records
Additional Guidance:
Personnel screening activities reflect applicable federal laws, Executive Orders, directives, policies, regulations, and specific criteria established for the level of access required for assigned positions.
Article ID: 178
Created: September 26, 2022
Last Updated: September 26, 2022
Author: Matthew Burdick
Online URL: http://www.compliancewiki.org/article/nist-800-171-background-screening-3-9-1-178.html