
PS-3 Personnel Screening

IL4 Mod
IL4 High
IL5
IL6

Control Description

a. Screen individuals prior to authorizing access to the system; and

b. Rescreen individuals in accordance with organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of rescreening.

DoD Impact Level Requirements

FedRAMP Parameter Values

PS-3 (b) [for national security clearances; a reinvestigation is required during the fifth (5th) year for top secret security clearance, the tenth (10th) year for secret security clearance, and fifteenth (15th) year for confidential security clearance. For moderate risk law enforcement and high impact public trust level, a reinvestigation is required during the fifth (5th) year. There is no reinvestigation for other moderate risk positions or any low risk positions]

Discussion

Personnel screening and rescreening activities reflect applicable laws, executive orders, directives, regulations, policies, standards, guidelines, and specific criteria established for the risk designations of assigned positions. Examples of personnel screening include background investigations and agency checks. Organizations may define different rescreening conditions and frequencies for personnel accessing systems based on types of information processed, stored, or transmitted by the systems.

Related Controls

Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is the process for screening individuals prior to authorizing access to organizational systems?
  • How does the organization determine screening requirements based on position risk level and access type?
  • Who is responsible for conducting or overseeing personnel screening?
  • What is the frequency for re-screening personnel, and what events trigger re-screening?
  • What governance exists for managing screening exceptions and ensuring consistent application of screening criteria?

Technical Implementation:

  • What systems track personnel screening status and results?
  • How is screening information integrated with access authorization systems?
  • What technical controls prevent access until screening is complete?
  • How are re-screening requirements automated and tracked?
  • What alerts notify when screening credentials are expiring or expired?

Evidence & Documentation:

  • Provide personnel screening procedures for different position risk levels.
  • Provide screening completion records for all personnel with system access.
  • Provide evidence of background investigation results or clearance verification.
  • Provide records of re-screening at required intervals.
  • Provide documentation of screening exception approvals and justifications.
