PS-3 Personnel Screening

LI-SaaS
Low
Moderate
High

>Control Description

a. Screen individuals prior to authorizing access to the system; and

b. Rescreen individuals in accordance with organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of rescreening.

>FedRAMP Baseline Requirements

Parameter Values

b. for national security clearances; a reinvestigation is required during the fifth (5th) year for top secret security clearance, the tenth (10th) year for secret security clearance, and fifteenth (15th) year for confidential security clearance.

>Discussion

Personnel screening and rescreening activities reflect applicable laws, executive orders, directives, regulations, policies, standards, guidelines, and specific criteria established for the risk designations of assigned positions. Examples of personnel screening include background investigations and agency checks. Organizations may define different rescreening conditions and frequencies for personnel accessing systems based on types of information processed, stored, or transmitted by the systems.

>Cross-Framework Mappings

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What is the process for screening individuals prior to authorizing access to organizational systems?
  • How does the organization determine screening requirements based on position risk level and access type?
  • Who is responsible for conducting or overseeing personnel screening?
  • What is the frequency for re-screening personnel, and what events trigger re-screening?
  • What governance exists for managing screening exceptions and ensuring consistent application of screening criteria?

Technical Implementation:

  • What systems track personnel screening status and results?
  • How is screening information integrated with access authorization systems?
  • What technical controls prevent access until screening is complete?
  • How are re-screening requirements automated and tracked?
  • What alerts notify when screening credentials are expiring or expired?

Evidence & Documentation:

  • Provide personnel screening procedures for different position risk levels.
  • Provide screening completion records for all personnel with system access.
  • Provide evidence of background investigation results or clearance verification.
  • Provide records of re-screening at required intervals.
  • Provide documentation of screening exception approvals and justifications.
