Skip to content
SL5
PS-3

Personnel Screening

Personnel Security

NIST Control Text

  1. Screen individuals prior to authorizing access to the system; and
  2. Rescreen individuals in accordance with [Assignment: organization-defined organization-defined conditions requiring rescreening and, where rescreening is so indicated, the frequency of rescreening].

NIST Discussion

Personnel screening and rescreening activities reflect applicable laws, executive orders, directives, regulations, policies, standards, guidelines, and specific criteria established for the risk designations of assigned positions. Examples of personnel screening include background investigations and agency checks. Organizations may define different rescreening conditions and frequencies for personnel accessing systems based on types of information processed, stored, or transmitted by the systems.

Parameter Values

  • Assignment (conditions/frequency):
  • Under the SenL path, rescreening frequency increases with tier: every 18 months (SenL-1) to every 13 months (SenL-5); under a government partnership, government reinvestigation rules apply [26]
  • Rescreen upon role change requiring higher SenL or upon triggering events from continuous monitoring [26]

SL5 Supplemental Guidance

Personnel with unescorted access to Weight Enclaves must be vetted in proportion to that access. Vetting at the highest tiers is an active area of research, and the SL5 Task Force is developing two paths to meet it [26].

The first is a formal government partnership that relies on existing government investigation and adjudication authorities. This provides the strongest assurance but requires government participation and may depend on new legal authority.

The second is the Sensitivity Levels (SenL) Framework, an industry-adapted clearance model that labs can deploy without government participation, though it would benefit greatly from government information-sharing. SenL classifies personnel into tiers (SenL-1 through SenL-5) by the sensitivity of the access they hold.

Provisional access during vetting requires compensating controls as specified in the SenL Framework Document [26].

Was this control helpful?