The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection:
- Have valid access authorizations that are demonstrated by assigned official government duties; and
- Satisfy [Assignment: organization-defined additional personnel screening criteria].
Organizational information requiring special protection includes, for example, Controlled Unclassified Information (CUI) and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.