The CMMC version 1.0 has the following security requirement. CMMC Personnel Security (PS) PS.2.127 (Level 2) “Screen individuals prior to authorizing access to organizational systems containing CUI.” This is a Level 2 requirement. There are no level 3, 4, or 5 requirements in this version of the CMMC. The CMMC document included a discussion from NIST SP 800-171 R2 (3.9.1) for this same security requirement in the appendix (page B.12.2) to clarify this control. It recommends evaluating the individual’s “conduct, Read More