PS-03 Personnel Screening
a. Screen individuals prior to authorizing access to the system; and
b. Rescreen individuals in accordance with ps-3_prm_1.
Parameter ID | Definition |
---|---|
ps-3_prm_1 | organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of rescreening |
ps-03_odp.01 | conditions requiring rescreening |
ps-03_odp.02 | frequency |
Baselines
- L
- M
- H
- P
Guidance
Personnel screening and rescreening activities reflect applicable laws, executive orders, directives, regulations, policies, standards, guidelines, and specific criteria established for the risk designations of assigned positions. Examples of personnel screening include background investigations and agency checks. Organizations may define different rescreening conditions and frequencies for personnel accessing systems based on types of information processed, stored, or transmitted by the systems.
References
- EO 13526: Executive Order 13526, *Classified National Security Information*, December 2009.
- EO 13587: Executive Order 13587, *Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information*, October 2011.
- FIPS 199: National Institute of Standards and Technology (2004) Standards for Security Categorization of Federal Information and Information Systems. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 199.
- FIPS 201-2: National Institute of Standards and Technology (2013) Personal Identity Verification (PIV) of Federal Employees and Contractors. (U.S. Department of Commerce, Washington, D.C.), Federal Information Processing Standards Publication (FIPS) 201-2.
- SP 800-60-1: Stine KM, Kissel RL, Barker WC, Fahlsing J, Gulick J (2008) Guide for Mapping Types of Information and Information Systems to Security Categories. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-60, Vol. 1, Rev. 1.
- SP 800-60-2: Stine KM, Kissel RL, Barker WC, Lee A, Fahlsing J (2008) Guide for Mapping Types of Information and Information Systems to Security Categories: Appendices. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-60, Vol. 2, Rev. 1.
- SP 800-73-4: Cooper DA, Ferraiolo H, Mehta KL, Francomacaro S, Chandramouli R, Mohler J (2015) Interfaces for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-73-4, Includes updates as of February 8, 2016.
- SP 800-76-2: Grother PJ, Salamon WJ, Chandramouli R (2013) Biometric Specifications for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-76-2.
- SP 800-78-4: Polk T, Dodson DF, Burr WE, Ferraiolo H, Cooper DA (2015) Cryptographic Algorithms and Key Sizes for Personal Identity Verification. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-78-4.
Control Enhancements
- PS-03(01) Classified Information
- PS-03(02) Formal Indoctrination
- PS-03(03) Information Requiring Special Protective Measures
- PS-03(04) Citizenship Requirements
Related controls
- AC-02 Account Management
- IA-04 Identifier Management
- MA-05 Maintenance Personnel
- PE-02 Physical Access Authorizations
- PM-12 Insider Threat Program
- PS-02 Position Risk Designation
- PS-06 Access Agreements
- PS-07 External Personnel Security
- SA-21 Developer Screening