UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

PRAS-1 Access to Information


Overview

Individuals requiring access to sensitive information are processed for access authorization in accordance with DoD personnel security policies.

MAC / CONF Impact Subject Area
SENSITIVE High Personnel

Details

Threat
Sensitive information stored on servers, workstations, media and documentation are at risk of copying, destruction, and illegal distribution by unauthorized access.  In order to prevent access to sensitive information by unauthorized persons, a proper personnel screening and authorization process must be implemented in accordance with DoD Personnel Security policy.

Guidance
This guidance is intended for Information Assurance Managers/Officers or System Administrators tasked with insuring that only  those personnel cleared for the level of information processed by the system, and the requisite need to know, are granted access to the system for processing purposes:
 
1. Identify types of sensitive (i.e., non-classified) information processed by the system.
2. For each person assigned to the organization and requiring processing privileges on the system, ensure that access authorization is provided by the organizational Security Officer in the form of a document clearly stating that the user has undergone the required background investigation for access to sensitive information, is cleared accordingly, and has been authorized access to the information on a need-to-know basis.

References

    DoD 5200.1R (Personnel Security Program), Appendix 3 (Controlled Unclassified Information), January 1997