CCI-003021

Defines additional personnel screening criteria that individuals accessing a system processing, storing, or transmitting information requiring protection must satisfy.

Implementation Guidance

Determine if individuals accessing a system processing, storing, or transmitting information requiring special protection satisfy [PS-03(03)_ODP; additional personnel screening criteria to be satisfied for individuals accessing a system processing, storing, or transmitting information requiring special protection are defined].

Validation Procedures

Examine: [SELECT FROM: Personnel security policy; access control policy, procedures addressing personnel screening; records of screened personnel; screening criteria; records of access authorizations; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with personnel security responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Organizational processes for ensuring valid access authorizations for information requiring special protection; organizational process for additional personnel screening for information requiring special protection].

The controls below (if any) were marked by NIST as being related to CCI-003021.