Organizational Control: Personnel Screening

Control ID: PS-3 Personnel Screening Family: Personnel Security Source: NIST 800-53r4
Control: The organization:
  1. Screens individuals prior to authorizing access to the information system; and
  2. Rescreens individuals according to [Assignment: organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of such rescreening].
Supplemental Guidance:
Personnel screening and rescreening activities reflect applicable state and federal laws, Executive Orders, directives, regulations, policies, standards, guidance, and specific criteria established for the risk designations of assigned positions. Organizations may define different rescreening conditions and frequencies for personnel accessing information systems based on types of information processed, stored, or transmitted by the systems.

Related Controls: AC-2, IA-4, PE-2, PS-2
Control Enhancements: N/A
References: 5 C.F.R. 731.106; FIPS Publications 199, 201; NIST Special Publications 800-60, 800-73, 800-76, 800-78; ICD 704.
Mechanisms:
Protocol Implementation Conformance Statements: N/A