Personnel Security (PS): Strengthening Employee Screening & Access Control

See below all the 2 controls

← or go back to the NIST SP 800-171 R2 Guide

Got questions? Contact our team today for a free CMMC Consultation

3.9.1

Ensure personnel changes (terminations, transfers, role changes) do not result in continued access to systems containing CUI. Actions must include revoking access, retrieving credentials and tokens, disabling accounts, and revalidating security authorizations.

More details

+
NIST 800-171 Control Identifier: 3.9.1
CMMC Control Identifier: PS.L2-3.9.1
Control CMMC Level: 2
Basic or Derived Security: Basic

Relevant NIST SP 800-53 R5

PS-3: Personnel Screening

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(supports downstream controls via integration with Entra ID and HRIS systems for onboarding workflows)

3.9.2

Ensure personnel changes (terminations, transfers, role changes) do not result in continued access to systems containing CUI. Actions must include revoking access, retrieving credentials and tokens, disabling accounts, and revalidating security authorizations.

More details

+
NIST 800-171 Control Identifier: 3.9.2
CMMC Control Identifier: PS.L2-3.9.2
Control CMMC Level: 2
Basic or Derived Security: Derived

Relevant NIST SP 800-53 R5

PS-3: Personnel Screening

PS-4: Personnel Termination

PS-5: Personnel Transfer

Recommended Microsoft Licensing

Microsoft 365 E5 (or GCC High E5 for CUI)

(includes identity governance, Conditional Access, Defender for Identity, and Microsoft Entra ID lifecycle management to support access deprovisioning workflows)

Microsoft Cloud for CMMC Compliance

Contact our team today

See how Agile IT's MSP for CMMC can strengthen your data security and allow your team to focus on your business's objectives and success.

Schedule a FREE
consultation