NIST 800-53 REV 5 • PERSONNEL SECURITY

PS-3(3)Information Requiring Special Protective Measures

Verify that individuals accessing a system processing, storing, or transmitting information requiring special protection: Have valid access authorizations that are demonstrated by assigned official government duties; and Satisfy {{ insert: param, ps-03.03_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Organizational information that requires special protection includes controlled unclassified information. Personnel security criteria include position sensitivity background screening requirements.

Practitioner Notes

Some information requires protective measures beyond standard classification — things like nuclear information, intelligence sources and methods, or critical infrastructure vulnerability data. Personnel accessing this information need additional screening.

Example 1: Identify which information in your environment requires special protective measures (e.g., NATO Restricted, COMSEC material, nuclear data) and document the additional screening requirements for personnel who will handle it.

Example 2: Implement a formal access request process where the data owner certifies the need-to-know before granting access to specially protected information. Log all access approvals and denials and review the access list semiannually.

More Personnel Security Controls

PS-1 Policy and Procedures PS-2 Position Risk Designation PS-3 Personnel Screening PS-3(1) Classified Information