zydronium/manage.get.gov
1
0
Fork 0
mirror of https://github.com/cisagov/manage.get.gov.git synced 2025-08-02 07:52:15 +02:00
Code Issues Projects Releases Packages Wiki Activity
manage.get.gov/docs/compliance/dist/system-security-plans/ato/ps-4.md
Logan McDonald 1d3dfdb8d5
Add compliance documentation to source control (#116) 
* add initial setup of compliance-trestle
2022-09-14 08:46:43 -04:00

3.4 KiB
Raw Blame History

implementation-status control-origination
c-not-implemented
c-inherited-cloud-gov
c-inherited-cisa
c-common-control
c-system-specific-control

ps-4 - [catalog] Personnel Termination

Control Statement

Upon termination of individual employment:

  • [a] Disable system access within time period;

  • [b] Terminate or revoke any authenticators and credentials associated with the individual;

  • [c] Conduct exit interviews that include a discussion of information security topics;

  • [d] Retrieve all security-related organizational system-related property; and

  • [e] Retain access to organizational information and systems formerly controlled by terminated individual.

Control guidance

System property includes hardware authentication tokens, system administration technical manuals, keys, identification cards, and building passes. Exit interviews ensure that terminated individuals understand the security constraints imposed by being former employees and that proper accountability is achieved for system-related property. Security topics at exit interviews include reminding individuals of nondisclosure agreements and potential limitations on future employment. Exit interviews may not always be possible for some individuals, including in cases related to the unavailability of supervisors, illnesses, or job abandonment. Exit interviews are important for individuals with security clearances. The timely execution of termination actions is essential for individuals who have been terminated for cause. In certain situations, organizations consider disabling the system accounts of individuals who are being terminated prior to the individuals being notified.

Control assessment-objective

upon termination of individual employment, system access is disabled within time period; upon termination of individual employment, any authenticators and credentials are terminated or revoked; upon termination of individual employment, exit interviews that include a discussion of information security topics are conducted; upon termination of individual employment, all security-related organizational system-related property is retrieved; upon termination of individual employment, access to organizational information and systems formerly controlled by the terminated individual are retained.

What is the solution and how is it implemented?

Implementation a.

Add control implementation description here for item ps-4_smt.a

Implementation b.

Add control implementation description here for item ps-4_smt.b

Implementation c.

Add control implementation description here for item ps-4_smt.c

Implementation d.

Add control implementation description here for item ps-4_smt.d

Implementation e.

Add control implementation description here for item ps-4_smt.e