NIST 800-53 REV 5 • PERSONNEL SECURITY
PS-3(1) — Classified Information
Verify that individuals accessing a system processing, storing, or transmitting classified information are cleared and indoctrinated to the highest classification level of the information to which they have access on the system.
Supplemental Guidance
Classified information is the most sensitive information that the Federal Government processes, stores, or transmits. It is imperative that individuals have the requisite security clearances and system access authorizations prior to gaining access to such information. Access authorizations are enforced by system access controls (see [AC-3](#ac-3) ) and flow controls (see [AC-4](#ac-4)).
Practitioner Notes
Personnel who will access classified information must be screened and cleared at the appropriate level before access is granted. This goes beyond standard background checks to formal security clearance investigations.
Example 1: Submit personnel security investigation requests through DCSA's National Background Investigation Services (NBIS) system. Track clearance status for all personnel in a clearance tracking database and verify that no one accesses classified systems before their investigation is favorably adjudicated.
Example 2: Maintain a facility clearance and personnel clearance log that records each person's clearance level, investigation type (T3, T5), adjudication date, and reinvestigation due date. In your classified environment, configure access controls so that only personnel with current clearances listed in DISS (Defense Information System for Security) can log in.