5.12.1—Personnel Security Screening
>Control Description
1. To verify identification, state of residency and national fingerprint-based record checks shall be conducted prior to granting access to CJI for all personnel who have unescorted access to unencrypted CJI or unescorted access to physically secure locations or controlled areas (during times of CJI processing). However, if the person resides in a different state than that of the assigned agency, the agency shall conduct state (of the agency) and national fingerprint-based record checks and execute a NLETS CHRI IQ/FQ/AQ query using purpose code C, E, or J depending on the circumstances. When appropriate, the screening shall be consistent with:
a. 5 CFR 731.106; and/or
b. Office of Personnel Management policy, regulations, and guidance; and/or
c. agency policy, regulations, and guidance.
Supplemental Guidance:
a. Federal entities bypassing state repositories in compliance with federal law may not be required to conduct a state fingerprint-based record check.
b. See Appendix J for applicable guidance regarding noncriminal justice agencies performing adjudication of civil fingerprint submissions.
c. Fingerprint-based record checks may not be required for all cloud provider personnel depending upon the type of service offering and access to encryption keys.
d. See Appendix G.3 for guidance on personnel screening requirements specific to cloud environments.
2. All requests for access shall be made as specified by the CSO. The CSO, or their designee, is authorized to approve access to CJI. All CSO designees shall be from an authorized criminal justice agency.
3. If a record of any kind exists, access to CJI shall not be granted until the CSO or his/her designee reviews the matter to determine if access is appropriate.
a. If a felony conviction of any kind exists, the Interface Agency shall deny access to CJI. However, the Interface Agency may ask for a review by the CSO in 1. To verify identification, state of residency and national fingerprint-based record checks shall be conducted prior to granting access to CJI for all personnel who have unescorted access to unencrypted CJI or unescorted access to physically secure locations or controlled areas (during times of CJI processing). However, if the person resides in a different state than that of the assigned agency, the agency shall conduct state (of the agency) and national fingerprint-based record checks and execute a NLETS CHRI IQ/FQ/AQ query using purpose code C, E, or J depending on the circumstances. When appropriate, the screening shall be consistent with:
a. 5 CFR 731.106; and/or
b. Office of Personnel Management policy, regulations, and guidance; and/or
c. agency policy, regulations, and guidance.
Supplemental Guidance:
a. Federal entities bypassing state repositories in compliance with federal law may not be required to conduct a state fingerprint-based record check.
b. See Appendix J for applicable guidance regarding noncriminal justice agencies performing adjudication of civil fingerprint submissions.
c. Fingerprint-based record checks may not be required for all cloud provider personnel depending upon the type of service offering and access to encryption keys.
d. See Appendix G.3 for guidance on personnel screening requirements specific to cloud environments.
2. All requests for access shall be made as specified by the CSO. The CSO, or their designee, is authorized to approve access to CJI. All CSO designees shall be from an authorized criminal justice agency.
3. If a record of any kind exists, access to CJI shall not be granted until the CSO or his/her designee reviews the matter to determine if access is appropriate.
a. If a felony conviction of any kind exists, the Interface Agency shall deny access to CJI. However, the Interface Agency may ask for a review by the CSO in 1. To verify identification, state of residency and national fingerprint-based record checks shall be conducted prior to granting access to CJI for all personnel who have unescorted access to unencrypted CJI or unescorted access to physically secure locations or controlled areas (during times of CJI processing). However, if the person resides in a different state than that of the assigned agency, the agency shall conduct state (of the agency) and national fingerprint-based record checks and execute a NLETS CHRI IQ/FQ/AQ query using purpose code C, E, or J depending on the circumstances. When appropriate, the screening shall be consistent with:
a. 5 CFR 731.106; and/or
b. Office of Personnel Management policy, regulations, and guidance; and/or
c. agency policy, regulations, and guidance.
Supplemental Guidance:
a. Federal entities bypassing state repositories in compliance with federal law may not be required to conduct a state fingerprint-based record check.
b. See Appendix J for applicable guidance regarding noncriminal justice agencies performing adjudication of civil fingerprint submissions.
c. Fingerprint-based record checks may not be required for all cloud provider personnel depending upon the type of service offering and access to encryption keys.
d. See Appendix G.3 for guidance on personnel screening requirements specific to cloud environments.
2. All requests for access shall be made as specified by the CSO. The CSO, or their designee, is authorized to approve access to CJI. All CSO designees shall be from an authorized criminal justice agency.
3. If a record of any kind exists, access to CJI shall not be granted until the CSO or his/her designee reviews the matter to determine if access is appropriate.
a. If a felony conviction of any kind exists, the Interface Agency shall deny access to CJI. However, the Interface Agency may ask for a review by the CSO in extenuating circumstances where the severity of the offense and the time that has passed would support a possible variance.
b. Applicants with a record of misdemeanor offense(s) may be granted access if the CSO, or his or her designee, determines the nature or severity of the misdemeanor offense(s) do not warrant disqualification. The Interface Agency may request the CSO review a denial of access determination. This same procedure applies if the person is found to be a fugitive or has an arrest history without conviction.
c. If a record of any kind is found on a contractor, the CGA shall be formally notified and system access shall be delayed pending review of the criminal history record information. The CGA shall in turn notify the contractor’s security officer.
4. If the person appears to be a fugitive or has an arrest history without conviction, the CSO or his/her designee shall review the matter to determine if access to CJI is appropriate.
5. If the person already has access to CJI and is subsequently arrested and or convicted, continued access to CJI shall be determined by the CSO. This does not implicitly grant hiring/firing authority with the CSA, only the authority to grant access to CJI. For offenses other than felonies, the CSO has the latitude to delegate continued access determinations to his or her designee.
6. If the CSO or his/her designee determines that access to CJI by the person would not be in the public interest, access shall be denied and the person's appointing authority shall be notified in writing of the access denial.
7. The granting agency shall maintain a list of personnel who have been authorized unescorted access to unencrypted CJI and shall, upon request, provide a current copy of the access list to the CSO.
It is recommended individual background re-investigations be conducted every five years unless Rap Back is implemented.
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.