Description:
Personnel security screening (vetting) activities involve the evaluation/assessment of individual’s conduct, integrity, judgment, loyalty, reliability, and stability (i.e., the trustworthiness of the individual) prior to authorizing access to organizational systems containing CUI. The screening activities reflect applicable federal laws, Executive Orders, directives, policies, regulations, and specific criteria established for the level of access required for assigned positions.
Priority: High
Category: Personnel Security
Services Associated with AWS:
N/A
Objective Evidence:
- Administrative: documented policies, standards & procedures
- Administrative: supporting documentation to demonstrate Human Resources (HR) practices to screen individuals
- Administrative: supporting documentation to demonstrate how Identity & Access Management (IAM) practices are implemented
- Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
- Technical: screenshot of AD settings, or other IAM interface
Possible Technology Considerations :
NA
What needs to be answered :
Are individuals requiring access screened before access is granted?
- Personnel Security Screening for Access to CUI Systems
Description: This check ensures that organizations have established personnel security screening processes to evaluate and assess the trustworthiness of individuals before granting them access to organizational systems containing Controlled Unclassified Information (CUI). Personnel security screening activities aim to assess an individual's conduct, integrity, judgment, loyalty, reliability, and stability to determine their eligibility for accessing CUI systems.
More Details:
Employees with access to CUI must undergo background screening prior to approval to work on CUI.