Background Investigations - Completed based Upon IT/Position Sensitivity Levels

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32396	PE-05.02.01	SV-42733r2_rule	ECPA-1 PRAS-1 PRAS-2 PRNK-1	Medium

Description
Failure to investigate personnel based upon their position sensitivity could result in unauthorized personnel having access to classified or sensitive information.

STIG	Date
Traditional Security	2013-07-11

Details

Check Text ( C-40839r2_chk )
Check site personnel records against JPAS and as applicable any local PERSEC Data Base or equivalent for completion of appropriate level of investigation based on clearance/IT position designations. NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows: ADP-I (AKA: IT-1): SSBI/SBPR/PPR ADP-II (AKA: IT-2): ANACI /NACI /NACLC/ S-PR ADP-III (AKA: IT-3): NAC/ENTNAC Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level. NOTE 2: All designated IA Positions IAW DoD 8570.01-M (IAT Levels I-III or IAM Levels I-III) must be checked. Random checks of all other site personnel records should be made. TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments and is also applicable to a field/mobile environment.

Check Text ( C-40839r2_chk )

Check site personnel records against JPAS and as applicable any local PERSEC Data Base or equivalent for completion of appropriate level of investigation based on clearance/IT position designations.

NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows:
ADP-I (AKA: IT-1): SSBI/SBPR/PPR
ADP-II (AKA: IT-2): ANACI /NACI /NACLC/ S-PR
ADP-III (AKA: IT-3): NAC/ENTNAC
Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level.

NOTE 2: All designated IA Positions IAW DoD 8570.01-M (IAT Levels I-III or IAM Levels I-III) must be checked. Random checks of all other site personnel records should be made.

TACTICAL ENVIRONMENT: The check is applicable for fixed (established) tactical processing environments and is also applicable to a field/mobile environment.

Fix Text (F-36313r2_fix)
Ensure that the appropriate level of investigation for each military, civilian or contract employee has been completed based on clearance/IT position designations and is reflected in JPAS and as applicable any local PERSEC Data Base or equivalent. NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows: ADP-I (AKA: IT-1): SSBI/SBPR/PPR ADP-II (AKA: IT-2): ANACI /NACI /NACLC/ S-PR ADP-III (AKA: IT-3): NAC/ENTNAC Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level. NOTE 2: All designated IA Positions IAW DoD 8570.01-M (IAT Levels I-III or IAM Levels I-III) must be checked. Random checks of all other site personnel records should be made.

Fix Text (F-36313r2_fix)

Ensure that the appropriate level of investigation for each military, civilian or contract employee has been completed based on clearance/IT position designations and is reflected in JPAS and as applicable any local PERSEC Data Base or equivalent.

NOTE 1: Personnel Occupying Information Systems Positions Designated ADP-I, ADP-II and ADP-III. DoD military, civilian personnel, consultants, and contractor personnel performing on unclassified automated information systems may be assigned to one of three position sensitivity designations (in accordance with Appendix 10 of DoD 5200.2-R, Personnel Security Program) and MINIMALLY investigated as follows:
ADP-I (AKA: IT-1): SSBI/SBPR/PPR
ADP-II (AKA: IT-2): ANACI /NACI /NACLC/ S-PR
ADP-III (AKA: IT-3): NAC/ENTNAC
Those personnel falling in the above ADP categories who also require access to classified information will, of course, be subject to the appropriate investigative scope for the level of security clearance required. The investigative scope for clearances may exceed but not be less than that required for the designated ADP level.

NOTE 2: All designated IA Positions IAW DoD 8570.01-M (IAT Levels I-III or IAM Levels I-III) must be checked. Random checks of all other site personnel records should be made.