The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection:
(a) Have valid access authorizations that are demonstrated by assigned official government duties; and
(b) Satisfy [Assignment: organization-defined additional personnel screening criteria].
b. Not appropriate for DoD to define for all CSP's infrastructure or service offerings
Source:
DoD RMF TAG
Organizational information requiring special protection includes, for example, Controlled Unclassified Information (CUI) and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.