Back to Control Explorer
PS.2.127
Content
Control Acronym
PS
Family
Personnel Security
CMMC Level
2
800-171 Control #
3.9.1
CMMC Description
Screen individuals prior to authorizing access to organizational systems containing CUI.
CMMC Clarification
Make sure all employees who need access to CUI have the organization-defined screening before they get access. Base the types of screening on the requirements defined for that specific level of access. Example You are in charge of security at your organization. All individuals you hire must have proper screening before they can access CUI. Screening may include activities such as background checks and drug testing. Follow the appropriate laws, policies, regulations, and criteria for the level of access required for each position.
800-171 Description
Screen individuals prior to authorizing access to organizational systems containing CUI.
800-171 Discussion
Personnel security screening (vetting) activities involve the evaluation/assessment of individual’s conduct, integrity, judgment, loyalty, reliability, and stability (i.e., the trustworthiness of the individual) prior to authorizing access to organizational systems containing CUI. The screening activities reflect applicable federal laws, Executive Orders, directives, policies, regulations, and specific criteria established for the level of access required for assigned positions.
Other Source Discussion
N/A
CIS Control References
NIST 800-53 Control Ref.
NIST SP 800-53 Rev 4 PS-3
CMMC Derived
NIST CSF Control References
NIST 800-171 References
NIST SP 800-171 Rev 1 3.9.1
Applicable FAR Clause
NIST CSF Control Reference
CERT RMM Reference
CERT RMM v1.2 HRM:SG2.SP1
Modification of NIST 800-171B Reference
NIST 800-171B Reference
UK NCSCCyber Reference
AS ACSC Reference
Sub-Criterias
Assessment Sub-Criteria 1
PS.2.127.[a] individuals are screened prior to authorizing access to organizational systems containing CUI.