PS — Personnel Security

new org

SPRS Score: -1203

Objective Progress 0 / 4 (0.0%)

CMMC Practices MET 0 / 2

Domain Score Impact -8

CMMC scoring changes when all assessment objectives for a practice are MET; objective progress updates as each objective is assessed.

Not Yet Assessed

Requirement: Screen individuals prior to authorizing access to organizational systems containing CUI.

MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.9.1 = Not Yet Assessed

Assessment Objectives (1)

3.9.1

Determine if: individuals are screened prior to authorizing access to organizational systems.

Update objective finding / evidence

Implementation Status

Assessment Type

Target Completion Date

Assessed By

Description of Implementation None

Evidence Reference

Evidence File Upload

Not Yet Assessed

📝 Assessment Methods (Examine / Interview / Test)

Examine: [SELECT FROM: Personnel security policy; procedures addressing personnel screening; records of screened personnel; security plan; other relevant documents or records].

Interview: [SELECT FROM: Personnel with personnel security responsibilities; personnel with information security responsibilities].

Test: [SELECT FROM: Organizational processes for personnel screening].

Not Yet Assessed

Requirement: Ensure that organizational systems containing CUI are protected during and after personnel actions such as terminations and transfers.

MET gate: This control cannot be marked MET until every child objective is MET. Blocking objective statuses: 3.9.2[a] = Not Yet Assessed; 3.9.2[b] = Not Yet Assessed; 3.9.2[c] = Not Yet Assessed

Assessment Objectives (3)

3.9.2[a]

Determine if: a policy and/or process for terminating system access authorization and any credentials coincident with personnel actions is established.

Update objective finding / evidence

Implementation Status

Assessment Type

Target Completion Date

Assessed By

Description of Implementation None

Evidence Reference

Evidence File Upload

Not Yet Assessed
3.9.2[b]

Determine if: system access and credentials are terminated consistent with personnel actions such as termination or transfer.

Update objective finding / evidence

Implementation Status

Assessment Type

Target Completion Date

Assessed By

Description of Implementation None

Evidence Reference

Evidence File Upload

Not Yet Assessed
3.9.2[c]

Determine if: the system is protected during and after personnel transfer actions.

Update objective finding / evidence

Implementation Status

Assessment Type

Target Completion Date

Assessed By

Description of Implementation None

Evidence Reference

Evidence File Upload

Not Yet Assessed

📝 Assessment Methods (Examine / Interview / Test)

Examine: [SELECT FROM: Personnel security policy; procedures addressing personnel transfer and termination; records of personnel transfer and termination actions; list of system accounts; records of terminated or revoked authenticators and credentials; records of exit interviews; other relevant documents or records].

Interview: [SELECT FROM: Personnel with personnel security responsibilities; personnel with account management responsibilities; system or network administrators; personnel with information security responsibilities].

Test: [SELECT FROM: Organizational processes for personnel transfer and termination; mechanisms supporting or implementing personnel transfer and termination notifications; mechanisms for disabling system access and revoking authenticators].