CMMC PS.2.127 - Screen Individual for System Access

Requirement text: PS.2.127: Screen individuals prior to authorizing access to organizational systems
containing CUI.

DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
Personnel security screening (vetting) activities involve the evaluation/assessment of
individual’s conduct, integrity, judgment, loyalty, reliability, and stability (i.e., the
trustworthiness of the individual) prior to authorizing access to organizational systems
containing CUI. The screening activities reflect applicable federal laws, Executive Orders,
directives, policies, regulations, and specific criteria established for the level of access
required for assigned positions.

CMMC CLARIFICATION
Make sure all employees who need access to CUI have the organization-defined screening
before they get access. Base the types of screening on the requirements defined for that
specific level of access.

Example
You are in charge of security at your organization. All individuals you hire must have proper
screening before they can access CUI. Screening may include activities such as background
checks and drug testing. Follow the appropriate laws, policies, regulations, and criteria for
the level of access required for each position.

References
• NIST SP 800-171 Rev 1 3.9.1
• CERT RMM v1.2 HRM:SG2.SP1
• NIST SP 800-53 Rev 4 PS-3