Welcome to our comprehensive Personnel Security (PS) Guide for CMMC Level 2.0 Compliance. This guide is designed specifically to support small and medium-sized businesses, as well as DoD contractors, in achieving Personnel Security compliance & gathering evidence for CMMC Level 2.
In this guide, we provide a clear and practical approach to navigating the personnel security requirements set out in CMMC Level 2.0. From personnel screening processes to updating your System Security Plan (SSP), we’ll guide you through each essential control with actionable steps and evidence-gathering tips to meet compliance with confidence.
To ensure your team is fully prepared for certification, we offer expert consultations designed to simplify complex requirements and expedite your path to compliance. Schedule your free Consultation Now!
PS.L2-3.9.1 – SCREEN INDIVIDUALS FOR PERSONNEL SECURITY
“Screen individuals prior to authorizing access to information systems containing CUI.”
Level Of Effort: Low
This control means that businesses have to check how trustworthy people are before letting them use systems with Controlled Unclassified Information (CUI).
Recommendations:
- Conduct criminal background checks: The usual way companies handle this is by doing criminal background checks on new employees or current employees who haven’t been checked before.
Evidence:
- For conducting background checks: Keep records of these background checks. Also, update your System Security Plan (SSP) to show that you’re keeping track of who’s been checked and that you’re following this screening process.
What our clients say
PS.L2-3.9.2 – PERSONNEL ACTIONS
“Ensure that CUI and information systems containing CUI are protected during and after personnel actions such as terminations and transfers.”
Level Of Effort: Low
This control makes sure that systems with CUI stay safe when people change jobs or leave the company. It requires a plan for turning off their system access. Follow this plan carefully whenever there’s a change in personnel.
Recommendations:
- Checklists for new and leaving employees: Make lists that help you keep track of important steps. When new people or contractors come in, you need to check their backgrounds. It’s also important to carefully decide who gets to access your systems and the CUI. And don’t forget, they need the right training too.
Evidence:
- Using checklists: Keep these checklists and update your SSP with this info. This shows you’re paying attention to these important steps.
A quick tip: You can find examples of Termination Checklists here. You can change them a bit to fit what your company needs. They’re a good starting point to make sure you’re doing everything right when someone leaves the company.
Need Help With Other CMMC Controls?
- Access Control (AC) Guide
- Awareness and Training (AT) Guide
- Audit and Accountability (AU) Guide
- Configuration Management (CM) Guide
- Identification and Authentication (IA) Guide
- Incident Response (IR) Guide
- Maintenance (MA) Guide
- Media Protection (MP) Guide
- Physical Protection (PE) Guide
- Risk Assessment (RA) Guide
- Security Assessment (CA) Guide
- System and Communications Protection (SC) Guide
- System and Information Integrity (SI) Guide
