HOME

PS-3 (3)

PS-3 (3) H M
Description

The organization ensures that individuals accessing an information system processing, storing, or transmitting information requiring special protection:
(a) Have valid access authorizations that are demonstrated by assigned official government duties; and
(b) Satisfy [Assignment: organization-defined additional personnel screening criteria].

FedRAMP
  • H PS-3 (3) (b) [personnel screening criteria – as required by specific information]
  • M PS-3 (3) (b) [personnel screening criteria – as required by specific information]
DISA Cloud Computing SRG

b. Not appropriate for DoD to define for all CSP's infrastructure or service offerings

Source:
DoD RMF TAG

Supplemental Guidance

Organizational information requiring special protection includes, for example, Controlled Unclassified Information (CUI) and Sources and Methods Information (SAMI). Personnel security criteria include, for example, position sensitivity background screening requirements.