Overview
Individuals requiring access to classified information are processed for access authorization in accordance with DoD personnel security policies.
Threat
Classified information stored on servers, workstations, media and documentation are at risk of copying, destruction, and illegal distribution by unauthorized access. In order to prevent access to classified information by unauthorized persons, a proper personnel screening and authorization process must be implemented in accordance with DoD Personnel Security policy.
Guidance
This guidance is intended for Information Assurance Managers/Officers or System Administrators tasked with insuring that only those personnel cleared for the level of information processed by the system, and the requisite need to know, are granted access to the system for processing purposes:
1. Identify types of classified information processed by the system.
2. For each person assigned to the organization and requiring processing privileges on the system, ensure that access authorization is provided by the organizational Security Officer in the form of a document clearly stating that the user has undergone the required background investigation for access to classified information at specific security classification levels, is cleared accordingly, and has been authorized access to the information on a need-to-know basis.
3. Ensure that for systems processing sensitive compartmented information (SCI) or any other compartmented classified information that users have been received the proper briefings and signed the appropriate authorization paperwork.
DoD classifies this control in the subject area of “Personnel” with a impact of “High”.