← All Domains

PS — Personnel Security

Stokes Frederick Co

SPRS Score: -131

Objective Progress 0 / 4 (0.0%)
CMMC Practices MET 0 / 2
Domain Score Impact -8

CMMC scoring changes when all assessment objectives for a practice are MET; objective progress updates as each objective is assessed.

PS.L2-3.9.1 DoD Weight: 3 Deduction: -3 Basic
Not Yet Assessed
Requirement: Screen individuals prior to authorizing access to organizational systems containing CUI.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.9.1 = Not Yet Assessed

Assessment Objectives (1)

  • 3.9.1
    Determine if: individuals are screened prior to authorizing access to organizational systems.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Personnel security policy; procedures addressing personnel screening; records of screened personnel; security plan; other relevant documents or records].
Interview: [SELECT FROM: Personnel with personnel security responsibilities; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for personnel screening].
PS.L2-3.9.2 DoD Weight: 5 Deduction: -5 Basic
Not Yet Assessed
Requirement: Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.
MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.9.2[a] = Not Yet Assessed; 3.9.2[b] = Not Yet Assessed; 3.9.2[c] = Not Yet Assessed

Assessment Objectives (3)

  • 3.9.2[a]
    Determine if: a policy and/or process for terminating system access authorization and any credentials coincident with personnel actions is established.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.9.2[b]
    Determine if: system access and credentials are terminated consistent with personnel actions such as termination or transfer.
    Update objective finding / evidence
    Not Yet Assessed
  • 3.9.2[c]
    Determine if: the system is protected during and after personnel transfer actions.
    Update objective finding / evidence
    Not Yet Assessed
📝 Assessment Methods (Examine / Interview / Test)
Examine: [SELECT FROM: Personnel security policy; procedures addressing personnel transfer and termination; records of personnel transfer and termination actions; list of system accounts; records of terminated or revoked authenticators and credentials; records of exit interviews; other relevant documents or records].
Interview: [SELECT FROM: Personnel with personnel security responsibilities; personnel with account management responsibilities; system or network administrators; personnel with information security responsibilities].
Test: [SELECT FROM: Organizational processes for personnel transfer and termination; mechanisms supporting or implementing personnel transfer and termination notifications; mechanisms for disabling system access and revoking authenticators].