CCI-003021

The organization defines additional personnel screening criteria that individuals accessing an information system processing, storing, or transmitting information requiring protection must satisfy.

Implementation Guidance

The organization being inspected/assessed defines and documents additional personnel screening criteria that individuals accessing an information system processing, storing, or transmitting information requiring protection must satisfy. DoD has determined the additional personnel screening criteria is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented additional personnel screening criteria to ensure the organization being inspected/assessed defines additional personnel screening criteria that individuals accessing an information system processing, storing, or transmitting information requiring protection must satisfy. DoD has determined the additional personnel screening criteria is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) SOP/TTP that defines additional personnel screening criteria that individuals accessing an information system processing, storing, or transmitting information requiring protection must satisfy.

The controls below (if any) were marked by NIST as being related to CCI-003021.