The organization requires that the developer of [Assignment: organization-defined information system, system component, or information system service]:
a. Have appropriate access authorizations as determined by assigned [Assignment: organization-defined official government duties]; and
b. Satisfy [Assignment: organization-defined additional personnel screening criteria].