NIST 800-53 REV 5 • PERSONNEL SECURITY

PS-3(2)Formal Indoctrination

Verify that individuals accessing a system processing, storing, or transmitting types of classified information that require formal indoctrination, are formally indoctrinated for all the relevant types of information to which they have access on the system.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Types of classified information that require formal indoctrination include Special Access Program (SAP), Restricted Data (RD), and Sensitive Compartmented Information (SCI).

Practitioner Notes

Formal indoctrination means that before someone accesses information requiring special protections (like SCI — Sensitive Compartmented Information), they must go through a formal briefing that explains their responsibilities and the consequences of unauthorized disclosure.

Example 1: Conduct a formal indoctrination briefing for all personnel being read into a special access program. Cover the program's security requirements, handling procedures, reporting obligations, and penalties for unauthorized disclosure. Have each person sign an indoctrination acknowledgment form.

Example 2: Maintain a signed SF-312 (Classified Information Nondisclosure Agreement) for every cleared employee. Store these forms in a secure, locked file cabinet and track execution dates in your security database. No signed NDA, no access — enforce this without exception.

More Personnel Security Controls

PS-1 Policy and Procedures PS-2 Position Risk Designation PS-3 Personnel Screening PS-3(1) Classified Information