NIST 800-53 r5 · Controls catalogue · Family PS
PS-3 Personnel Screening
- Screen individuals prior to authorizing access to the system; and
- Rescreen individuals in accordance with {{ insert: param, ps-3_prm_1 }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (4) AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
| CWE-284 | Improper Access Control | 4,832 | Personnel screening before access authorization directly strengthens access control decisions and reduces the chance that unvetted individuals can exploit improper access control weaknesses. |
| CWE-269 | Improper Privilege Management | 2,907 | Vetting individuals before privilege assignment lowers the likelihood that privileges will be given to people who will misuse them, directly mitigating improper privilege management. |
| CWE-285 | Improper Authorization | 1,230 | Screening verifies trustworthiness prior to granting rights, making it harder for attackers to exploit improper authorization by placing malicious or unqualified personnel in authorized roles. |
| CWE-250 | Execution with Unnecessary Privileges | 305 | Screening supports assignment of access only to those who have been evaluated, reducing execution with unnecessary privileges by untrusted or unqualified personnel. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
| No CVEs annotated to this control yet — the per-CVE backfill is in progress. | | | | |