PRAS-1 Access to Information
Overview
Individuals requiring access to sensitive information are processed for access authorization in accordance with DoD personnel security policies.
| MAC / CONF | Impact | Subject Area |
|---|---|---|
| SENSITIVE | High | Personnel |
Details
| Threat |
|---|
| Sensitive information stored on servers, workstations, media and documentation are at risk of copying, destruction, and illegal distribution by unauthorized access. In order to prevent access to sensitive information by unauthorized persons, a proper personnel screening and authorization process must be implemented in accordance with DoD Personnel Security policy. |
| Guidance |
|---|
| This guidance is intended for Information Assurance Managers/Officers or System Administrators tasked with insuring that only those personnel cleared for the level of information processed by the system, and the requisite need to know, are granted access to the system for processing purposes: 1. Identify types of sensitive (i.e., non-classified) information processed by the system. 2. For each person assigned to the organization and requiring processing privileges on the system, ensure that access authorization is provided by the organizational Security Officer in the form of a document clearly stating that the user has undergone the required background investigation for access to sensitive information, is cleared accordingly, and has been authorized access to the information on a need-to-know basis. |
References
- DoD 5200.1R (Personnel Security Program), Appendix 3 (Controlled Unclassified Information), January 1997