PS-3(3): Information With Special Protection Measures

Control Family:

Personnel Security

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection:

  1. Have valid access authorizations that are demonstrated by assigned official government duties; and
  2. Satisfy [Assignment: organization-defined additional personnel screening criteria].

Supplemental Guidance

Organizational information requiring special protection includes, for example, Controlled Unclassified Information (CUI) and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.