NIST SP 800-171 Personnel Security Requirements

Learn everything you need to know about your Personnel Security requirements for NIST SP 800-171 and CMMC 2.0.

According to NIST Handbook 162 “Personnel security seeks to minimize the risk that staff (permanent, temporary, or contractor) pose to company assets through the malicious use or exploitation of their legitimate access to the company’s resources. A company’s status and reputation can be damaged by the actions of its employees. Employees may have access to extremely sensitive, or proprietary information, the disclosure of which can destroy an organization’s reputation or cripple it financially. Companies should be vigilant when recruiting and hiring new employees, as well as when an employee transfers or is terminated.”

NIST SP 800-171 & CMMC 2.0 Personnel Security Requirements

3.9.1 Screen individuals prior to authorizing access to information systems containing CUI.
To meet requirement 3.9.1, you need to “screen individuals”. Screening refers to performing a background check on an individual. This requirement can be met by performing a background check on employees and contractors before they are granted access to a system containing controlled unclassified information (CUI). If they fail the background check, you may decide not to allow them access to your system.
3.9.2 Ensure that CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers.
To meet this requirement, you need to revoke all information system access when an employee is terminated, collect all company-provided equipment from them, and hold an exit interview with them to review your confidentiality agreement with the individual. For personnel transfers, that is, employees transitioning to different roles in your organization, you need to review their account privileges and permissions to ensure that they only have access to the resources they need to complete their current job duties. You need to have a process in place where HR and IT coordinate employee transfers.